The General Data Protection Regulation (GDPR) has been in full force for just over 4 months now and whilst much of the hype focused on employers trying to get their data compliant before the deadline, applicants and jobseekers might be somewhat bewildered by the process.
So, what exactly do applicants need to know about GDPR? And how might it affect them during the recruitment process?
GDPR in a nutshell
GDPR is a new regulation set by the European Union that came into force on May 25th and affects how businesses handle and store people’s personal data. The law replaced an existing EU data protection law from 1995 and essentially grants more protection and privacy for the personal data of EU citizens. All organisations who hold data of the EU market, whether the organisation itself resides in the EU or not, are affected by the new law – and the EU has proposed huge financial consequences to companies who don’t comply to the new regulation.
For HR and recruiters, this means that any personal information stored on system or within emails about their employees and/or applicants are regulated under this new law. As for applicants, the GDPR gives them more control over the personal data they hand over to employers, allowing them to choose whether organisations can keep their data or not.
Defining personal data
The GDPR law covers any form of “personal data” but the term is a fairly complex category of information. The EU GDPR, broadly defines personal data as “any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person”. This can be anything from physical identifiers like name, address, medical information and bank details but also digital identifier like IP addresses, email addresses and twitter handles – many of these details will appear either on candidates’ CVs or be passed onto recruiters during the application process.
What candidates need to look out for
We now live in an era where so much of our personal data is stored online and in digital systems. It’s important for candidates to know what companies are doing with their personal data during the recruitment process and how candidates can control the data they disclose. Here are 3 pointers for jobseekers and candidates to remember when it comes to GDPR compliance:
- Look at the application fine print
All companies should now show their compliance. Those who don’t are breaking the law and will suffer consequences – potentially putting your data at risk if a company has a data breach. Candidates should also pay attention to small details like privacy policies and ticks boxes when submitting applications to see how their data is being handled. If a company isn’t specifically telling you how they will be using your information, then they aren’t GDPR compliant.
- People have the right to request their data
The new data protection law allows people more rights over how their data is used. This means that candidates can now request access to their personal data from the organisation at any time and organisations will have to grant them access (by law) – don’t be afraid to ask.
- Employers shouldn’t be retaining your information
The GDPR states that companies should only be keeping people’s personal data for as long as is necessary unless they agree a longer retention period. With this in mind, this means that companies should not be holding personal data of unsuccessful candidates unless they have a valid reason.
Your personal data is a precious source of information and could be vulnerable if data breaches occur amongst organisations. Although companies should be taking steps to protecting your data under the GDPR, the value of our personal data shouldn’t be underestimated. Seeing employers who recognise and respect the value of personal data is a sign of trust between the candidate and the organisation as it can be reassuring to know that your data is in secure hands. So, next time you submit a job application, be sure to look out for the signs of GDPR compliance.
About the AuthorFollow on Twitter Follow on Linkedin More Content by Javad Juma