With less than three months left until May 25th, many employers are worried about how GDPR will affect their daily operations and processes, and ultimately, their capabilities to maintain a healthy and compliant talent pipeline. Therefore, Universum asked its partner company Wintrgarden to contribute with some GDPR pointers and tips for HR.
What is GDPR, and what does it mean for Talent Acquisition?
In short, GDPR is a new set of data privacy rules aiming to strengthen EU citizens’ control of their personal information. While the regulations affect all kinds of personal data processing, e.g., the way that vast social networks and internet giants map their users, Human Resources and especially Talent Acquisition will be profoundly affected.
HR is a people business, and with all the digital tools used to source and engage candidates, GDPR raises the bar for what’s considered compliant Talent Acquisition practice. Traditionally, employer branding and talent pipelining occur across many different channels, with data of potential hires often being maintained in various databases, spreadsheets and across recruiter mailboxes. Under GDPR, the way companies manage talent prior to them becoming applicants needs to change, and any employer relying on more than active applications will require tools for handling their pipelines.
What exactly are these new requirements?
One of the fundamental requirements of GDPR is that of active consent. Processing (e.g., collecting, storing, accessing, transferring) of personal data (any information that can be used to identify an individual, such as a name, email, or even photo) is only permitted after the data subject has actively accepted clearly articulated data privacy terms. Such terms must understandably outline what data is being processed, by whom, for what purpose, and for how long. Furthermore, it must be clear how the candidates can update or withdraw their information, and this process must be as simple as the initial process of giving consent.
GDPR will also require more from employers when it comes to internal organizational measures. Generally, companies will need to appoint a Data Protection Officer, and the requirements on documentation, reporting and access control are strengthened.
Is GDPR all about compliance and making the lives of recruiters more difficult?
The new regulations and the risk for hefty fines in case of non-compliance (up to €20M or 4% of global annual turnover, depending on which is higher) are certainly intimidating at first glance. However, the required process and technology upgrades also provide Talent Acquisition with an excellent opportunity to take candidate sourcing and communication to provide Talent Acquisition with an excellent opportunity to futureproof candidate sourcing and communication
GDPR is forcing a shift in the HR Tech industry. From traditional Applicant Tracking and Recruitment Marketing tools that focus on unsolicited outbound sourcing, towards digital models based on active consent and transparency, such as Talent Relationship Management (TRM). Talent Acquisition teams that adapt to this new landscape can benefit from improved data relevance and candidate experience, ultimately strengthening their Employer Brands. In effect, one could argue that GDPR brings the sense of urgency needed to take Talent Acquisition to the next level.
What should HR do before May 25th?