GDPR Compliance & Data Protection for Recruitment Agencies
The Data Protection Act 2018 (DPA) brought into force the General Data Protection Regulation (GDPR), which introduced new responsibilities for recruitment agencies and staffing functions, along with significant fines of up to €20m or 4% of a firm’s annual turnover for non-compliance.
We get it, you updated your policies a couple of years ago and you don’t want to do it again! Unfortunately, compliance is an evolving world. For example, changes due to Brexit mean certain actions may need to be taken to ensure your recruitment business maintains compliance.
GDPR & data protection compliance obligations for recruitment agencies
Your recruitment agency must have a transparent and easily accessible privacy notice in place explaining how it collects, processes and protects data. It also needs to give instructions to data subjects on how to ask your company to delete and rectify their data.
In addition to this privacy notice, your company should have a privacy policy within your company handbook, which informs your staff on how to abide by the privacy notice.
Send us your GDPR & Data Protection policies & your staff handbook for review and we’ll send you a quotation to get things ship-shape.
Risks for recruitment agencies of non-compliance with GDPR & Data Protection obligations
The DPA places the burden of ensuring compliance on your entire recruitment organisation, especially functions like recruitment & staffing which rely heavily on collecting candidates’ personal data.
Penalties of up to €20 million or 4% of a firm’s annual turnover, whichever is greater, can be issued by the ICO.
We can provide the following GDPR/data protection compliance services for recruitment agencies:
- GDPR/Data Protection Audit
- Privacy notice
- Cookie Policy
- Website & Portal Terms of Use
- Data Protection for Internal Policies: staff handbook, SARs, Retention
- Controller-Controller and Controller-Processor Agreements
- General Advice on Data Protection
- Data Protection Training
GDPR FAQ
The General Data Protection Regulation (GDPR) requires recruitment agencies to have a privacy policy notice, accessible on their website, outlining the purpose and legal basis for processing candidate application data, as well as data retention periods. The ICO can take action against organisations and individuals that collect, use and retain personal information. This includes criminal prosecution, enforcement, audit and the power to impose a monetary penalty on a data controller of up to £500,000.
Recruitment agencies are data controllers. Data controllers determine the purpose and means of processing personal data as well as processing activities.
Absolutely, yes. Please get in touch and we’ll happily send you a quote.