For many organisations, the GDPR presents a daunting question.
Do I need to scrap my current talent pool and start again?
Unfortunately for some organisations the answer will be Yes.
If you do not have the necessary consent to store an individuals personal data, then you will need to delete these records before the legislation comes into effect in May 2018.
This is specifically relevant to personal data that has been manually added to your talent pool. For example, if you have uploaded details from an individuals LinkedIn profile or from a CV database.
Even though this information is publically available on the internet this does not give you the right to store and process this information in your own talent pool. The fact that the information can be easily found and accessed at any time means that you have no need to store the information either.
Adding data to your database via this method i.e. without the knowledge and consent of the individual will also undoubtedly contribute to the amount of out of date data within your database. Any updates to the original profiles will obviously not be replicated in your own records and therefore quickly become irrelevant anyway.
Can’t I just contact candidate’s within my talent pool and get them to consent now?
No. In order to communicate with a candidate, you must have their consent. Under the current Privacy and Electronic Communication Regulation you must not send electronic mail marketing to any person unless they have specifically consented to receive emails from you.
Sending an email asking for consent is actually breaking one law in order to comply with another.
Many large organisations have been fined for such activities. Essentially you would be much better off deleting the data than risking a fine.
In addition by contacting them, you are merely highlighting to individuals the fact that you have their data (which is most likely out of date) and acknowledging that you know you shouldn’t be storing it without the right consent.
If a large proportion of your data has not been updated in the last 6 months, then essentially contacting these people would provide very little value anyway. Not only will they have added to their work experience but key elements such as address and contact details may have changed too.
You now not only need them to consent for you to keep their data but need them to update it aswell!
Whilst the GDPR may essentially force organisations to cleanse their current database this will ultimately lead to greater efficiency and accuracy of data being held to support your future recruitment needs.
Does your talent pool comply with GDPR?
As an organisation, networx have undergone extensive GDPR training and are recognised as fully Certified GDPR Practitioners.
Whilst every effort has been made to ensure that the information included in this article is accurate at the point of release this should not be relied upon as legal advice or be used to determine how GDPR will apply to your organisation.
We encourage all organisations to seek the advice of a legally qualified professional to discuss GDPR and how best to ensure compliance.