Why Change Management is Key to GDPR Compliance

This is a guest post for us from Robert Dagge who is Managing Director at Dynistics.

Big Data is fast becoming the driving force behind many business strategies today – it has arguably affected the recruitment industry more than any other. However, given the sector is purely based on personal data, every company will be severely impacted by the General Data Protection Regulation (GDPR) regardless of whether they specialise in Executive Search, Contingent, Contract, or RPO.

The GDPR comes into effect in May 2018 and will significantly change and update the data protection rules in the UK. It is therefore vital that recruiters both understand and comply with the new rules, not least because the increased penalties for non-compliance top €20 million or 4% of global turnover (whichever is higher). That said, those who embrace the legislation and seek to drive efficiencies will be richly rewarded.

Designed to safeguard personal information, the GDPR lays out essential requirements all recruitment agencies must adhere to. For example, every individual must give explicit consent for their personal data to be collected and used; they must understand how their information will be used; and all personal data must be destroyed after a prescribed period of time. With this in mind, it would be easy to believe everything related to GDPR compliance can be dealt with by an agency’s legal team. But the GDPR is not just about database or IT security – it’s about change management.

With the GDPR impacting everyone in a recruitment agency, it can’t just be left to the company’s legal ‘experts’. Anyone handling personal data has a responsibility. As a result, everyone involved in the recruitment process should now be assessing what personal data they capture, how it is collected, where it is stored, how it is used throughout the recruitment process, and what needs to be cleansed.

While this can seem overwhelming, with the right foresight and tools, achieving compliance is not only achievable but hugely beneficial company-wide. Just as it’s a given that, for recruiters, the agility with which they can gather and analyse data can give them the edge, reducing costs, improving efficiency and leading to more successful appointments. This skill will also give them the edge when it comes proving consent, enforcing security and sharing, or removing requested information. Which is why all recruiters should put data management at the heart of their GDPR preparation.

No excuses for not knowing

 Any data management process requires organisations to know precisely what data they have. What the GDPR forces recruiters to consider, however, is where they hold every single piece of personal data. Should an organisation suffer a breach, “not knowing” it has unseen data or inconsistencies in the treatment of data, is not a permissible excuse. Taken in this context, the issue of the personal data that all employees in an organisation holds becomes far more complex.  The ability to quickly pull data from various sources into one place, and understand it, is giving professionals more power over their operations than ever before.

Data visualisation tools – or dashboards – are fast becoming the tool for planning and preparing for the change the GDPR will bring. And just as they have reduced the time and potential for human error involved, in data collection and management, they serve the dual purpose of providing a detailed picture of all data held subject to the GDPR.

This thorough approach to data management not only offers a great start to GDPR compliance but also the opportunity to uncover and resolve data that is ‘hiding’ throughout an organisation’s network including sensitive information, personally identifiable data and duplicated information.

In fact, it’s crucial for any recruiter that wants to get it right first time. Understanding the type of data that will be affected under the GPDR is one thing. Having to search for where that data is held is another entirely and, without the right tools, one which is almost impossible – and one which becomes a company-wide problem.

About the Author