GDPR Compliance & Data Protection for Recruitment Agencies
The Data Protection Act 2018 (DPA) brought into force the General Data Protection Regulation (GDPR), which introduced new responsibilities for recruitment agencies and staffing functions, along with significant fines of up to €20m or 4% of a firm’s annual turnover for non-compliance.
We get it: you updated your policies a couple of years ago and you don’t want to do it again! Unfortunately, compliance is an evolving world. For example, changes due to Brexit mean certain actions may need to be taken to ensure your recruitment business maintains compliance.
GDPR & data protection compliance obligations for recruitment agencies
Your recruitment agency must have a transparent and easily accessible privacy notice in place explaining how it collects, processes and protects data. It also needs to give instructions to data subjects on how to ask your company to delete and rectify their data.
Risks for recruitment agencies of non-compliance with GDPR & Data Protection obligations
The DPA places the burden of ensuring compliance on your entire recruitment organisation, especially functions like recruitment & staffing which rely heavily on collecting candidates’ personal data.
Penalties of up to €20 million or 4% of a firm’s annual turnover, whichever is greater, can be issued by the ICO.
We can provide the following GDPR/data protection compliance services for recruitment agencies:
- GDPR/Data Protection Audit
- Privacy notice
- Data Protection for Internal Policies: staff handbook, SARs, Retention
- Controller-Controller and Controller-Processor Agreements
- General Advice on Data Protection
- Data Protection Training
Recruitment agencies are data controllers. Data controllers determine the purpose and means of processing personal data as well as processing activities.
Absolutely, yes. Please get in touch and we’ll happily send you a quote.