All Resources

  • All Resources
  • What is the GDPR and How Might it Affect Human Resources and Recruiting?

What is the GDPR and How Might it Affect Human Resources and Recruiting?

Oct 09 , 2017


With the recent data breach at Equifax, it makes a person wonder if any digital information is really safe. People around the world post images and share information with friends. They upload resumes, too. 

It’s all part of the ongoing age of information, but information has value. Where there’s value, there’s something to be gained from taking it. The General Data Protection Regulation or GDPR seeks to tighten security and control the way data is handled and protected. 

For now, the GDPR only applies in the EU. But it will affect American recruiters doing business in Europe. 

What are the Origins of the GDPR?

The General Data Protection Regulation, set to launch in late May of next year, isn’t the first attempt to protect the data of private citizens in the European Union. It replaces the existing and arguably outdated Data Protection Direction 95/46/EC

Data security is nothing new and it’s always evolving. It’s big business, too, as hackers and unscrupulous people learn craftier and stealthier ways to pluck private information and put it to use for their own benefit. 

To a degree, recruiting does the same, but without a nefarious goal. When you search Facebook for people whose information nods in the direction of “job seeker,” you can use it to focus marketing attention in their direction. That’s a win/win for you and the candidate. But not everyone has their best interest at heart. 


What’s the Biggest Takeaway from the New Regulations?

Above everything else, consent is probably the biggest change with the new regulations. Recruiting Daily says it loud and clear, “Consent will become king.” 

Not only must you have consent, the idea of implied consent is a thing of the past. Going forward, consent must be explicit and unmistakable. For every attempt to collect data, you must first explain why you want it in clear, concise terms. Then you’ll have to ask their permission. 

Naturally, that means the person you’re interested in has the right to say, “Nope.” On the upside, consent means you’re in the clear. This is a better way to approach authentic transparency. 

What does the GDPR Mean for American Recruiters?

American recruiters have nothing to worry about with American citizens. Nothing will change if all of your business is American. When dealing with people who are citizens of the EU, even if they’re living stateside, the GDPR will be in effect. That's according to the GDPR FAQ web portal. 

An interesting side effect of the consent rule is that the people who give consent have the right to revoke it. Recruiting Daily gives the example of a rejected applicant. 

If the data in your ATS is part of your talent pipeline, that could end with European applicants, including independent contractors. If they apply and are rejected, they can ask you to delete all of their information. You’ll be obliged to comply. Fines for non-compliance are projected to go as high as “four percent of the company’s annual global turnover or 20 million Euros," says Recruiting Daily. Other possible fines exist for other infractions. 

The GDPR might feel like a giant cramp in your recruiting style, but Recruiting Daily suggests that the long view is a lot better. Candidate experience is serious business these days. With transparency and explicit consent, that should improve. You may even score a few international remote employees in the bargain. 

Recruiting is busy, fast-paced work with what seems like a million regulations to think about every day. If you need a leg up with finding the right talent for your job openings, contact us and learn about the different ways we can help.