The new EU General Data Protection Regulation (GDPR) legislation is coming into force in May of 2018. From then, citizens across Europe, sometimes in the roles of consumers, and sometimes in the role of job applicants, can rejoice at their rights being protected a whole lot better. The title to their personal data is secured, giving them power over which data is stored, where and why. It all started with Maximillian Schrems, an Austrian citizen, filing out a complaint on the EU Data Protection Directive and bringing it all the way to the European Court of Justice in Luxemburg. His protest resulted in The Court’s declaring that the Commission’s US Safe Harbour Decision is invalid. Read the official EU Court of Justice press release here. Quite a shocker that after 20 years Directive 95/46/EC was suddenly obsolete.
In both my personal and professional opinion, data protection has been a mess for quite a while. And that does not necessarily have much to do with the original Directive or the European Court’s decision to declare it void. The real problem was, and still is, that every individual country in the EU has its own data protection laws which are sometimes interpreted by regional data protection authorities. I am a European citizen, fact which is also stated in my national passport, and would like to believe that a Europe that protects my personal data does exist. With current data protection regulations being all over the place, it feels like protection of my personal data is also all over the place. EU-GDRP will finally change this. Thank you Maximillian Schrems, thank you European Court of Justice and thank you European Union!
In recruitment, personal data plays an important role. Recruitment is an exchange of personal data as part of a transaction for a job. Modern day recruitment knows to put the candidate at the heart of the recruitment process. Where else to be honest? If you make anything less of the candidate than the VIP of the application, you are not doing a good job as a recruiter. Why should protection of candidates’ rights to their own personal data be anything different? Applicants should play the lead role in the transaction around a new job and have full control of their participation in the exchange process. If you dissect the EU-GDPR and look at its relevance for recruitment for example, things are quite logical, really.
Please note that the below summary is incomplete. For a full debrief on the impact of EU-GDPR on video recruitment, you can review our white paper: EU General Data Protection Regulation and Video Recruitment.
• Data subjects (read: candidates) will need to provide voluntary consent to the storage of their personal data – THAT MAKES SENSE
• Data storage is required to be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed – I AM ON BOARD
• Consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language – LOGICAL AND MAYBE ALSO SOMETHING THAT THE EU COULD CONSIDER WHEN WRITING LEGISLATION 😉
• The purpose of the data processing must be made explicit – WHAT ELSE
• Data Subjects (candidates) have the right to view what personal data is being processed, where and for what purpose – HELL YEAH, IT’S MINE ANYWAY
• Also known as Data Erasure, the Right To Be Forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data – MAYBE THE MOST CRITICAL ONE IN MY OPINION.
When you read these points, you probably realize that this is a ‘normal’ that you would have expected to be there for some time already. Yes, I would like to be in control of my own data, know what data is stored, where it is, and be able to ask for the data to be erased. It is good that we will have a harmonized ‘normal’ across the EU, making it so much easier for candidates, employers and intermediaries to share the same common sense across the EU… finally!
PS: An important element of the EU-GDPR is the “Privacy by Design” principle, which calls for the inclusion of data protection from the onset of the designing (and development) of systems and processes affecting personal data, rather than an afterthought.
In summary: It is all about accountability and transparency. Your candidates already expected this from you when they applied for a job and, with EU-GDPR, they will now be guaranteed to get it. Don’t drop the ball and always look for ways to exceed these expectations regardless of whatever law or legislation is in place. Surprise and delight!