Are you getting ready for GDPR?

Matt Buckland | Workable features |

By now, we’ve all witnessed the collective panic that is the recruiting industry’s response to the General Data Protection Regulation (GDPR). Despite advance notice of the 25 May launch date, many recruiting teams are only just drawing up the lines between legal and HR. They’re far from ready.

But the truth is, if you haven’t begun to action your GDPR checklist, it’s unlikely you’ll be ready when GDPR finally arrives. So what should you consider as a matter of urgency?

Carry out a data risk assessment

Start by reviewing how you manage personal data across your organisation. From understanding the data you’re requesting, to how that data is stored and what you’re using it for, a data risk assessment identifies any data protection, information security and privacy risks.

Risk assessments also help organisations classify processing activities according to the risks to the individual. Everyone who accesses and holds data is accountable. Assessments bring compliance to the fore and help teams devise appropriate mitigations. “But we’ve always done it this way” is not a good excuse. The old ways of working are no longer valid.

It’s likely you’ll uncover all manner of horrors at this stage; no, it’s not ok that your desk drawer is full of old resumes. And that folder on your desktop labelled ‘Good ones to keep for later’ might also need attention.

Choose the right hiring tool

Risk assessment complete, now’s the time to evaluate your recruiting software. You might find that your current tools aren’t quite cutting it. All the good will in the world won’t help if you’re storing your data in a leaky bucket. Using a robust recruiting tool—whether it’s a Candidate Relationship Management tool or an Applicant Tracking System (ATS)—is a great foundation for GDPR compliance.

The best tools will be GDPR-compliant. They will add efficiencies to your organisation’s recruiting processes and be flexible enough to support future compliance obligations. Better to prepare and embed change now than wait until 25 May and hope everyone can make the quick switch.

But your responsibility to regulation doesn’t stop there. Whatever tools you choose to implement, they should augment a compliant culture.

Build a GDPR compliant culture

Communications theorist and sociologist Everett Rogers argues that “diffusion is the process by which an innovation is communicated over time”. He identifies four main elements which influence the spread of a new idea: the innovation itself, the communication channels, time, and a social system. While the GDPR will mandate change, the compliance departments that want to make this happen should acknowledge the need to change behaviour.

For Rogers, the adoption of any new system across an organisation can be split into different adopter groups: innovators, early adopters, early majority, late majority, and laggards. The GDPR must become part of corporate culture—organisations are both the aggregate of its individuals and its own system with a set of procedures and norms. Adopting new behaviours where data and privacy are concerned is important for the whole organisation. GDPR compliant organisations simply can’t afford to have late adopters or “laggards”.

By 25 May, recruiters and human resources professionals will need everyone on the team to understand their own role in data gathering and processing. And new processes and expected behaviours will need to be written down as policy. It’s the responsibility of everyone in the organisation to take on board the regulations, adopt them as behaviours and embed them as culture. With clear standards set, everyone can align with updated expectations, from established members of the team to new recruits.

Don’t wait to take action

Changing to a modern, GDPR compliant ATS is now relatively painless. Making a cultural change can take a lot longer. Perhaps it’s finally time to sort through that folder full of resumes? However you plan to start, the time to act is now.

To find out more, watch a video of our Q&A with a leading lawyer in the field of data privacy and security:

Alternatively, try the GDPR Readiness Evaluator. Answer 14 questions to see how ready your organization is to recruit in line with GDPR. Use the results to help plan and action your own GDPR compliant recruitment process.

Looking for an all-in-one recruiting solution? Workable can improve candidate sourcing, interviewing and applicant tracking for a streamlined hiring process. Sign up for our 15-day free trial today.

Get a free trial

Matt Buckland

Matt is the VP of Customer Advocacy at Workable. A Workable customer-turned-employee, he was previously Head of Talent and Human Resources at a fast growing UK startup. Find him on Twitter at @elsatanico.

Get jargon-free hiring advice

Latest in this category

How to use Trusted Employees with Workable

Speed up background checks with our Trusted Employees integration

We’ve added a lot of new integrations this year and we’re not stopping now! Trusted Employ...

Workable mobile app

How our customers use the Workable mobile app

You have to admit it – it’s all digital these days. You, like most people, probably ...

Sourcing tech talent with workable and co-hire

Use Workable’s integration with co-hire for sourcing tech talent

Finding great candidates for hard-to-fill tech roles is a challenge many start-ups and fas...