We’ve blogged before about GDPR and how it will affect all businesses and the way they look after people’s data.
With the GDPR ‘go live’ date on May 25, if you run a business then now really is the time to take action to ensure data you hold is GDPR compliant.
And if you’re a consumer, you’ll be pleased to know that the GDPR rules aim to ensure data held on you is secure and, should you wish to withdraw your data, to make it easier to do so.
A reminder about what GDPR is
The General Data Protection Regulation is Europe's new framework for data protection laws. It replaces the previous 1995 data protection directive, which current UK law is based upon. The new regulation comes into force on May 25, and will be enforced by the Information Commissioner's Office (ICO).
Post-Brexit, the Government has confirmed the GDPR rules will still be in place.
What GDPR means for business
GDPR has an impact on all businesses (including 24-7 Staffing) and organisations (including charities). Indeed, it affects any organisation that processes personal data concerning employees, customers or prospects - or anybody else. It applies across the EU and also to organisations which may be based outside the EU but are trading within the EU.
Complying with GDPR
A system of fines will be put in place for breaches, and they are eye-wateringly high. However, they are discretionary rather than mandatory; they will be imposed on a case-by-case basis and must be effective, proportionate and dissuasive.
There are two tiers of administrative fines that can be levied:
- Up to €10 million, or 2% annual global turnover – whichever is higher.
- Up to €20 million, or 4% annual global turnover – whichever is higher.
GDPR and 24-7 Staffing
We’ve been preparing for GDPR since last autumn, so our systems are now all in place ready for May 25.
We have sent out an ‘opt-in’ email inviting those who wish to remain on our database to opt back in as a client or candidate. This has given us an opportunity to reconnect with people, and we can now be certain that anybody we contact is happy to hear from us. Also, we have amended our processes to ensure that it is very easy for people to remove their data from our systems under GDPR’s ‘right to be forgotten’ rules.
We have looked at all the personal data we held and distinguished between what we needed to have in order to provide our services, and data that was irrelevant. We have also changed our registration forms for candidates to remove unnecessary questions.
Finally, we have put in place procedures to ensure that, where we need to pass on data (for example to clients who are looking to employ candidates), they are also GDPR compliant.
If you are job-hunting and would be happy to hear from us, please do get in touch.