GDPR, four months on: What does it mean for the jobseekers?

October 3, 2018 Javad Juma

The General Data Protection Regulation (GDPR) has been in full force for just over 4 months now and whilst much of the hype focused on employers trying to get their data compliant before the deadline, applicants and jobseekers might be somewhat bewildered by the process.

So, what exactly do applicants need to know about GDPR? And how might it affect them during the recruitment process? 

GDPR in a nutshell

GDPR is a new regulation set by the European Union that came into force on May 25th and affects how businesses handle and store people’s personal data. The law replaced an existing EU data protection law from 1995 and essentially grants more protection and privacy for the personal data of EU citizens. All organisations who hold data of the EU market, whether the organisation itself resides in the EU or not, are affected by the new law – and the EU has proposed huge financial consequences to companies who don’t comply to the new regulation.

For HR and recruiters, this means that any personal information stored on system or within emails about their employees and/or applicants are regulated under this new law. As for applicants, the GDPR gives them more control over the personal data they hand over to employers, allowing them to choose whether organisations can keep their data or not.

Defining personal data

The GDPR law covers any form of “personal data” but the term is a fairly complex category of information. The EU GDPR, broadly defines personal data as “any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person”. This can be anything from physical identifiers like name, address, medical information and bank details but also digital identifier like IP addresses, email addresses and twitter handles – many of these details will appear either on candidates’ CVs or be passed onto recruiters during the application process.

What candidates need to look out for

We now live in an era where so much of our personal data is stored online and in digital systems. It’s important for candidates to know what companies are doing with their personal data during the recruitment process and how candidates can control the data they disclose. Here are 3 pointers for jobseekers and candidates to remember when it comes to GDPR compliance: 

  1. Look at the application fine print

All companies should now show their compliance. Those who don’t are breaking the law and will suffer consequences – potentially putting your data at risk if a company has a data breach. Candidates should also pay attention to small details like privacy policies and ticks boxes when submitting applications to see how their data is being handled.  If a company isn’t specifically telling you how they will be using your information, then they aren’t GDPR compliant.

  1. People have the right to request their data

The new data protection law allows people more rights over how their data is used. This means that candidates can now request access to their personal data from the organisation at any time and organisations will have to grant them access (by law) – don’t be afraid to ask.

  1.  Employers shouldn’t be retaining your information

The GDPR states that companies should only be keeping people’s personal data for as long as is necessary unless they agree a longer retention period. With this in mind, this means that companies should not be holding personal data of unsuccessful candidates unless they have a valid reason.

Your personal data is a precious source of information and could be vulnerable if data breaches occur amongst organisations. Although companies should be taking steps to protecting your data under the GDPR, the value of our personal data shouldn’t be underestimated. Seeing employers who recognise and respect the value of personal data is a sign of trust between the candidate and the organisation as it can be reassuring to know that your data is in secure hands.  So, next time you submit a job application, be sure to look out for the signs of GDPR compliance.

About the Author

Javad Juma

Javad Juma is the Talent Acquisition Manager for EMEA and APJ and joined Cornerstone in 2012. He has been involved in recruiting for over 15 years (yes, he is quite old, despite his boyish good looks and charm!) and has spent time within Financial Services and telecoms sectors.

Follow on Twitter Follow on Linkedin More Content by Javad Juma
Previous Article
Onboarding new workers through mentoring
Onboarding new workers through mentoring

The influx of people arriving into the labour market is a continuous and diverse process. Although recruite...

Next Article
Corporate networks: The power of alumni
Corporate networks: The power of alumni

Digital disruptions aside - business is still conducted between people. Human relationships play a signific...