Over the last 25 years, technology has transformed our lives in ways nobody could have imagined. With it has come a lot of grey areas concerning an individual’s rights to the data being collected about them. Think about it: every one of us has some personal information about us out there on the web. From making purchases on an e-commerce platform, signing up for online services, or applying for job on Mons, it’s nearly impossible to remain completely offline in the modern era. This constant accumulation of personal information has led to the increased exploitation of data, causing identity theft to hit an all-time high.
In response, the European Union (EU) has implemented the General Data Projection Regulation (GDPR). GDPR is a legal framework that sets guidelines for the collection and processing of personal information. Nearly one year in, it has drastically changed the way businesses interact with their customers and potential job seekers.
When you get right down to it, GDPR gives people more control over their own data. Instead of letting companies run amok, doing whatever they please with someone’s information, the individual is now more empowered. GDPR has given them the right to determine if a company can use or even hold onto their data.
GDPR has three different parties involved:
- The Individual – whose personal data is being stored. The individual can give consent to the other parties, and has the “Right to be forgotten”
- The Controller – the party in possession of the individual’s data
- The Processor –the platform used to store the personal data
Penalties for violating GDPR can be as steep as $20 million or 4% of total revenue. And these laws do not simply apply to companies located in the EU. Companies anywhere who service Europeans must adhere to GDPR regulations or face violation penalties.
What does all this mean for recruiting companies? Well for one, contacting candidates who have asked to “be forgotten” is a huge no-no. We have to ensure our data is up-to-date, never keeping data on candidates for longer than is necessary. Staffing firms must also demonstrate that they are taking technical and organizational measures to protect candidates’ data. This means educating and retraining employees so that they can effectively assess the risks involved in processing data. Documentation of your efforts is critical too, and is a major part of the new regulations. Silver lining: it forces us to keep our records squeaky clean, highly relevant, and encourages us to maintain good relationships with everyone in our database!
Some states in the US are also making pushes to update their privacy laws. After the implementation of GDPR last May, California passed a similar bill called The California Consumer Privacy Act of 2018. As of now, California and Vermont have the most comprehensive privacy laws in the United States. Within a 3-4 month period, 12 additional states updated their privacy laws and we will continue to see similar privacy legislation passed as we move forward.