GDPR! (Collective groan from the readers…) I know you are probably having way too much stuffed down your throats about getting ready for the impending legislation. But to lighten the mood slightly, here are my 5 reasons why we should be cheering not fearing GDPR!
The starting point for any GDPR preparation is working out where you are at the moment. We had an excellent audit completed by a GDPR consultancy, enabling us to assess our current policies and procedures, as well as a data usage amnesty, which allowed us to understand what behaviour is actually occurring anonymously. You may think you are protecting your customers' data with airtight policies, but if your consultants don’t understand the implications of leaving data on desks, in bins, or on USBs, you are risking a breach!
Completing an audit of your existing systems is extremely eye-opening for any business. Whether this is your IT and database security, electronic communication policies, or consultant behaviour, having the opportunity to identify where a security breach might occur will help to safeguard your business for the future.
The ultimate goal for GDPR is protecting personal data. Recruiters hold hundreds of thousands of pieces of personal data and the new laws mean they are required to change the way they protect that data. Instead of thinking of your database as a static filing cabinet, businesses are placing more emphasis on the people behind that data and creating cultures where the customer comes first. Being clear and transparent about what you do with your customers' data will increase confidence in your organisation. Just as your health and safety policies protect your internal employees in the workplace, you should view protecting your customers' data in the same way!
After identifying any potential weaknesses, you are then able to improve your current processes. For us this has been about educating internal employees and streamlining existing processes. This could range from something as simple as setting up a confidential waste bin to rewriting your confidentiality clauses in the staff handbook, but either way these steps will help improve efficiency and compliance within your business. Whilst many people are hesitant about the costs associated with becoming GDPR compliant, you are ultimately gaining a competitive edge. As the publicity around GDPR increases and customers become more aware of their rights, your ability to deal with and process Subject Access Requests and minimise the risk of breaches will be held in great esteem by those people who matter the most (your clients and candidates).
When I first heard about GDPR, I’ll admit I was overwhelmed at the implications and the workload this was likely to put on Operations staff. However, after the initial scaremongering, I realised how valuable this was to us as a business. When we started the GDPR preparation, I focused on how we could use it to improve the business and the first thing I saw was data cleansing. As a business we have been setting aside time each week to call through candidates that have not been contacted within the last 3 years. This has led to over 200 candidates being regenerated as active jobseekers, and nearly 1000 having their data cleansed (updated contact details, skill codes and job statuses). It’s not difficult to see the benefits of this. There is no point in having a database of 100,000 candidates if you a) can’t search for them properly, and b) have no idea about what they are currently doing or how to contact them. For us, this has already generated numerous fees with candidates we previously wouldn’t have found on the system.
Having a truly engaged database is invaluable. Ask yourself, do you need the contact record for a candidate you have never managed to get on the phone, you don’t have a full CV for, or haven’t had the correct number for since 2007? Why pay for the storage? As well as generating extra fees, why not reduce your data storage overheads at the same time?
The easy thing to do is bury your head in the sand. Yes, this is going to be tough. But the implication of not getting GDPR compliant is that you are not taking the security of your customers' data seriously, and you are not honouring their rights. If you were a candidate, working with 2 different companies, one that lives and breathes your data security and rights, and the other that takes a nonchalant approach, which is likely to give you the better service? And who do you think you are more likely to recommend? Being GDPR compliant is a badge of honour and you should shout about it!
So there you have it! Stop thinking about GDPR as a chore and start thinking how you can improve your business with it.