The General Data Protection Regulation (GDPR) is a regulation adopted by the European Parliament on 14 May 2016. The GDPR is meant to safeguard the data privacy rights of European Union citizens and affects any organisation that is based in the EU or does business in the EU. Many companies will be subject to new standards of data integrity imposed by GDPR.
The GDPR will affect any executive search firm that:
- Works in the EU
- Has clients that work in the EU
- Has sources, prospects or candidates that are EU citizens
- May one day partake in any of the above
- Works in conjunction with another firm that meets the above criteria
The penalties for non-compliance, if discovered, are high and can reach up to €20 million in fines. Liability for a security breach that exposes non-compliance can be even more catastrophic, resulting in the same penalties plus liability to the individual and a horrible impact on reputation.
Technology Will Be Essential
Understanding your obligations is one thing, but implementing these new protocols into your processes is a challenge. Information security checks and specialized task functions help solve the duplication of operational efforts that can result from the GDPR.
Information Security Checks: Every executive search firm needs to ensure that strict security measures are in place to safeguard the personal data of EU citizens, and must be able to document them properly. Data floating between programs such as Outlook, Word or Excel, or even your shared folders, is disorganized, vulnerable and fragmented. Some databases configured this way will not meet the new standards set by GDPR. Find and partner with a data systems provider that is certified with Privacy Shield and can deliver audit details and documentation proving your recruitment software is compliant.
Specialized Task Functions: Executive search is distinct from other professional services due to the volume of personal data that is collected, extracted and stored. For example, under the GDPR, EU citizens have the right to request that their name and data be deleted from your database. This can easily be done, but how do you prevent your candidate ID process and administration from re-entering that same individual into your database? Placing this candidate on a "hands-off list" will conflict with his or her original request. Cluen's specialized technology solves this paradox: you can be compliant in your deletion of a record and every instance of that name, and yet have a way to alert you should you ever try to enter the same name again.
Cluen has taken a proactive approach to GDPR by innovating and integrating new technology features and developments that will save time and solve complex situations. With less than two years until GDPR takes full effect, you need plenty of time to become comfortable with and knowledgeable about your software's compliance.
Plan Now Or Pay Later
Start understanding all of the available solutions over the coming months and take advantage of the resources available. Review GDPR regulation information online and speak with an attorney to understand next steps. Speak with your recruitment software partner and seek their suggestions and advice.
Once all options are identified, take time to decide what approach best fits your firm and plan for 6 to 10 months to fully implement it. Spreading the integration over time like this reduces the administrative burden. The most cost-effective results are well planned and thought through. Waiting until the end of 2017 to explore options may interrupt productivity and be burdensome on teams. Reacting to an emergency in 2018 after GDPR takes effect will be costly, damaging and incriminating.
There is ample support from advisors who know your business. With the right processes and technologies in place, you can differentiate your firm from the competition and assure your clients that you adhere to the highest standards.