It is designed to bring data protection legislation into line with new and previously unforeseen ways that data is now used. There are two main reasons why the GDPR has been introduced:
1. To give people more control over how their personal data is being used.
2. To give businesses simpler and clearer guidelines for processing personal data across the EU.
The regulation came into force on 24 May 2016, but it will become law on 25 May 2018.
The GDPR applies to ‘Controllers’ and ‘Processors’ of personal data.
The definitions are broadly the same as under the DPA, i.e. the Controller says how and why personal data is processed and the Processor acts on the Controller’s behalf. If you are currently subject to the DPA, it is likely that you will also be subject to the GDPR.
If you are a Processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities.
You will have significantly more legal liability if you are responsible for a breach. These obligations for Processors are a new requirement under the GDPR. However, if you are a Controller, you are not relieved of your obligations where a Processor is involved – the GDPR places further obligations on you to ensure your contracts with Processors comply with the GDPR.
For the GDPR, as a recruitment software provider, networx are the Processor, and our clients are the Controller.
However, if a client uses networx recruitment services to manage vacancies, then networx are the Processor and the client and networx are the joint Controllers.
Any data breach (including cyber attacks) must be reported within 72 hours. An organisation that fails to report a breach within the 72-hour deadline could face a penalty of up to 2% of its annual worldwide revenue, or €10 million, whichever is higher.
If an organisation does not follow the basic principles for processing data, for example if it fails to get consent from candidates to process their data or doesn’t provide candidates with the option to delete their information, the fines can be even bigger. The data protection authority can issue penalties of €20 million or 4% of your global annual turnover, whichever is greater.
This document has been created to provide HR departments with the information they need to ensure that their recruitment processes are compliant with the forthcoming GDPR, due to come into force on 25th May 2018.
The information provided in this document is based on our own understanding of the new legislation and the potential impact that this will have on the way organisations recruit and the software they use to process/store candidate data.