Unless you’ve been living under a rock for the last few months, you’ll know that the General Data Protection Regulation (GDPR) became law on 25th May 2018. There are two main reasons why GDPR was introduced:
- To give people more control over how their personal data is used
- To give businesses simpler and clearer guidelines on processing personal data across the EU
So, with GDPR regulations in place, what happens now?
Make sure you are fully educated on the key requirements that the GDPR law has set in place
Most importantly, it’s crucial to ensure that you fully understand the key requirements that GDPR has set in place. We’ve outlined the key requirements on our website here, but if you want a quick summary of these requirements, GDPR states that personal data must be:
- Processed lawfully, fairly, and in a transparent manner
- Collected for a clearly specified and legitimate purpose, and not further processed in a manner that is incompatible with those purposes
- Relevant and limited to what is necessary in relation to the purposes for which they are processed
- Accurate and kept up to date
- Kept in a form which permits identification of data subjects for no longer than is necessary
- Processed in a manner that ensures appropriate security of the data.
Be aware of the penalties
It’s vital for your organisation to be aware of the penalties involved with the new GDPR regulations. Any data breach must be reported within 72 hours. Failure to do so within this time frame could result in you facing a penalty of up to 2% of your annual worldwide revenue, or €10 million – whichever is the higher figure.
If your organisation does not follow the basic principles for processing data – for example, you fail to get consent from candidates to process their data or don’t provide candidates with the option to delete their information – the fines can be even bigger: either 4% of your global annual turnover or €20 million.
The numbers speak for themselves – make sure you’re compliant with all aspects of data handling, otherwise you risk a huge fine coming your way.
Understand the rights of individuals under GDPR
In addition to the key requirements of GDPR, it’s important to understand the rights of individuals regarding their personal data. Each and every candidate MUST:
- Be informed about how their data is stored, processed, and who it will be shared with
- Be able to view all of their personal data stored in the system
- Be able to update their details
- Be able to request their personal data be removed from the system
Additionally, candidates have the right to restrict or object to the processing of their personal data.