All companies and organisations that deal with data relating to EU citizens must comply with the new GDPR. The UK has said that, despite Brexit, it will implement the EU’s GDPR anyway. Therefore, it is even more essential that you are familiar with the new regulations and what we are doing about them.
EU data protection reform was first proposed by the European Commission back in January 2012, with the aim of updating the regulation so it is fit for the digital age.
In April 2016, the new Regulation and Directive were adopted by the European Parliament, with the Regulation set to apply from 25 May 2018 onwards.
GDPR will apply to many businesses, defined as either controllers or processors.
- Controllers determine how and why personal data is processed. They are subject to legal obligations and liabilities and are required to maintain records of personal data and processing activities.
- Processors are those who act on behalf of the controllers, but the legal obligations remain with the controller.
Changes to the Regulation
Much of the GDPR is similar to the Data Protection Act (1998), applying to personal data but with a broader definition. All data that can be deemed to identify someone is classed as personal data under the new GDPR. This includes everything from genetic and economic information to IP addresses.
The changes also place more emphasis on consent, putting candidates more in control of what data of theirs is used by our business and how. An increased emphasis on individual rights regarding usage of their personal information means that we have already started to adapt how we obtain and use such data.
New transparency and individuals’ rights accommodations have been made within our business to ensure everything is covered under the GDPR changes, including how we obtain and use information before, during and after receiving consent to use such data.
How We Are Preparing
There are still just over a couple of months left to become compliant with the new GDPR. For safety, we have already begun preparing, and there are many steps we are taking.
These are some of the most important ones:
- Be aware that the data protection laws will be switching to GDPR (which, given you’ve read this far, you should be).
- Record all personal data we currently hold and obtain in the future, including where it came from and who it is shared with.
- Review and plan how we obtain and document consent.
- Put in place procedures for data breaches.
- Familiarise ourselves with the new GDPR laws and procedures.
We pride ourselves on our ability to be above the rest, and making sure we are compliant allows our candidates and clients to rest assured that we have their best interests in mind.