GDPR: how 24-7 Staffing has prepared for the new data regulations
If, like most of us, you’re fed up with unsolicited calls or emails about the likes of PPI or making a claim after an accident, then you’ll be pleased to know that the new GDPR rules aim to put a stop to them.
Most business owners will have heard of GDPR, and should be on their way to being GDPR compliant. But for the average person in the street, GDPR may still be a mystery.
What is GDPR?
The GDPR is a European directive that marks the beginning of the next generation of data protection. It’s been 20 years since the rules were last reviewed, and in that time the way we use data has dramatically changed and data volumes have exploded - in the last two years we have created more data than in the entire previous history of the human race!
In a nutshell, GDPR widens and strengthens the current data protection rules, and companies holding personal data (including data of staff as well as their customers or other individuals they deal with) have to abide by the rules about collecting, using and storing it. They have to obtain clear consent, and they have to make it easy for people to withdraw consent at any time.
The regulation was adopted in April 2016, but we’re about to reach the end of the two-year transition period, and the ruling becomes enforceable from May 25. Thereafter, there may be some very stiff penalties meted out for companies falling foul of the GDPR rules. It will also survive Brexit as the UK plans to adopt the changes and in any event all countries will have to comply with GDPR in order to continue trading with the EU.
We’ve been preparing for GDPR since last autumn, and are delighted to say we will be fully compliant well ahead of the May 25 deadline.
Taking advice from the Information Commissioner’s Office, we started by drawing up an action plan of what we needed to do, and attended as many talks and presentations on GDPR as possible, to make sure we thoroughly understood its implications.
As part of our action plan, we looked at all the personal data we held and distinguished between what we needed to have in order to provide our services, and data that was irrelevant. As a result, we have changed our registration forms for candidates and, for example, no longer include a question about marital status – we don’t need to know that.
We changed our procedures from January 1, to ensure that we follow GDPR rules for all those coming to us for the first time.
But we have also had to look at all the archive data we already hold and are now going through a process of contacting every single individual to ascertain whether they still want their data held with us and whether they want to be contacted by us. One benefit is that this has given us an opportunity to reconnect with some former candidates.
We’ve amended our processes to ensure that it is also very easy for people to remove their data from our systems under GDPR’s ‘right to be forgotten’ rules.
Finally, we have put in place procedures to ensure that, where we need to pass on data (for example to clients who are looking to employ candidates, or to suppliers – such as our IT support – who need information), they are also GDPR compliant.
In all, it’s been a big undertaking, but one which we have been happy to take on board, as it keeps the personal data of our staff and our candidates that much more secure.
So roll on the day when there are no more PPI calls!
If you would like any more information on GDPR and how it affects your personal data, or if you are job-hunting and would like to speak to our recruiting team, please do get in touch.