The GDPR was designed to bring data protection legislation into line with new and previously unforeseen ways in which data is now used. The two main reasons why the GDPR was introduced are:
1. To give people more control over how their personal data is being used.
2. To give businesses simpler and clearer guidelines for processing personal data across the EU.
The regulation came into force on 24 May 2016; however, it only became law on 25 May 2018.
The GDPR applies to both ‘Controllers’ and ‘Processors’ of personal data.
The definitions are broadly the same as they are under the Data Protection Act (DPA): the Controller is the person or organisation who decides how and why personal data is processed, and the Processor is the person or organisation that acts on the Controller’s behalf. If your organisation is subject to the DPA, it is highly likely that you will also be subject to the GDPR.
The GDPR places new legal obligations on Processors. For example, Processors will be required to maintain a record of all personal data and processing activities. Processors will also have significantly more legal liability if they are responsible for a breach.
However, if you are a Controller, you are not relieved of your obligations wherever a Processor is involved. The GDPR places further obligations on Controllers to ensure that your contracts with Processors comply with the GDPR.
As a recruitment software provider, networx are considered a Processor and our clients are the Controllers.
However, if a client uses our recruitment services, then networx remain the Processor, but both the client and networx are considered joint Controllers.
networx take the responsibility of being both a Controller and a Processor very seriously and have the necessary certified professionals and knowledge in house to ensure our software and services are fully GDPR compliant.
When it comes to storing and processing personal data for the purpose of recruitment, an alarming number of companies still do not seem to take the GDPR seriously, despite the potential of facing significant penalties should they suffer a data breach.
What is a data breach?
A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorised to do so.
Any data breach (including cyber attacks) must be reported within 72 hours. Companies who fail to report a breach within the 72-hour deadline could face a penalty of up to 2% of their annual worldwide revenue or €10 million, whichever is higher.
If an organisation does not follow the basic principles for processing data, the fines can be even bigger. Examples of this could be failing to get consent from candidates to process their data in the first place, or not providing candidates with the option to delete or update the information you hold about them. In this situation the data protection authority can issue penalties of €20 million or 4% of your global annual turnover, whichever is greater.
networx have undergone a 5-day intensive course and independent examination to become certified GDPR practitioners.
As a result we have made the necessary changes and improvements to ensure both our recruitment software and services are GDPR compliant.
The above information is designed to provide HR departments with the information they need to identify any potential risks and ensure that their recruitment processes are compliant with the GDPR.
The information provided on this website is based on our own understanding of the new legislation and is designed to highlight some of the key considerations facing in-house recruitment teams and the potential impact that the legislation has had on the way organisations recruit. It is also designed to show the importance of choosing the right recruitment software to process and store candidate data.