The GDPR (General Data Protection Regulation) deadline and the wave of GDPR emails and notifications has now (thankfully) passed. No more constant unsubscribing from mailing lists or wondering how the likes of JD Sports got your details in the first place. Companies will now have to adjust to the new regulations and ensure they are GDPR compliant. This will be a big change to the recruitment industry and HR arms of businesses. For us at Caselton Clark, this is great news as we have always taken these kinds of issues seriously and hope that the larger recruitment market would adhere to the same standards. Caselton Clark won’t have to drastically change the way we work, but GDPR will hopefully reduce the number of possible ‘cowboy recruiters’ and the mishandling of candidates’ personal data.
Recruitment departments and agencies will, quite rightly, have to pay a lot more attention to the way in which they interact with candidates and their personal data. The fines for failing to do so are serious (20 million Euros or 4 percent of annual global turnover – at its worst). Although in these early days of GDPR the top fines will be rare (the regulation will take effect after a two-year transition period), but that is no reason to become complacent.
GDPR is a complex, and at times, daunting undertaking. But what does it really mean for the intellectual property recruitment arm of your business? What will you have to do to become GDPR compliant? And how will this change your working relationship with recruitment agencies?
Changes to Make
1) Have a GDPR ‘Officer’ – At Caselton Clark, we have one person who is our ‘GDPR Officer’. This is the go-to person for all things GDPR related. They have done the most comprehensive research into this legislation, they have followed the compliance process from scratch and they should be able to handle any queries on the topic. If you don’t already have someone who handles this, you should take this into consideration as this way you are centralising all the areas you may be exposed to GDPR errors and have a plan of action on how to approach this. This person can then easily teach others on how to follow the GDPR rules. Do you have a GDPR ‘Officer’ in your workplace?
2) Ensure the agencies you use are compliant – So far, we have only had one of the IP law firms we work with approach us and ask the steps we will take to be GDPR compliant. This is a surprise as it is important for businesses to know how the agencies that supply them with candidate profiles approach their harvesting of personal data. Have the recruitment agencies you work with mentioned their approach GDPR? If not, it might be worth double-checking with them how they are becoming GDPR compliant and the changes or checks they are putting in place to ensure this. Particularly if you refer to recruitment agencies as part of your recruitment privacy notice/disclaimer.
3) Storing candidates’ data – When recruiting for a position or multiple positions at a time, it can be a long-winded and intense process. You can have the combined efforts of internal candidate submissions, recruiters sending over CV’s, referrals, and other ad-hoc ways of receiving profiles. This can easily lead to a large stockpile of CV’s in your database, something you should think twice about sitting on once the position has concluded and the profiles are of no further interest.
One IP firm we are partnered with has recently made a smart change when presenting a new position – They now make it clear when briefing the recruiter that any previous CV’s sent have been ‘destroyed’ and they will only consider those that are specifically applying (or re-applying) to the new position. For example, if a firm is recruiting for a Trademark Secretary and has done so before, when briefing the role to recruiters they can make it clear that any CV’s submitted for the previous Trademark Secretary position(s) have now been erased from the system. This is a quick way of erasing the profiles and personal data of those who are no longer relevant and ensuring those who are submitted are properly informed of the role.
Likewise, make sure you let the recruitment agencies you are partnered with know of any changes you are making to your recruitment process. For example the earlier mentioned CV’s being ‘destroyed’.
5) CV uploading – Some of the firms we work with have opted to (while others always have) operate a CV uploading system for applying candidates, rather than a specific person to send profiles to. This can add another level of control to the recruitment process. For example, you could add a check (such as ticking a box) that states the person uploading the CV has permission to do so, ensuring no personal data is being supplied unwillingly. Another example allows you to search the names of those already submitted, stopping possible duplicate applications.
GDPR will be a learning process for everyone. Once implemented however, it will be a system that would benefit all parties involved in the recruitment process. By taking some of these steps you would help your recruitment process, while also helping to stop duplicate applications, stockpiles of CV’s, and mishandling of candidates’ data.
If there are any points you would like to discuss or if you have any queries about intellectual property recruitment. Please get in touch with Caselton Clark’s Head of Intellectual Property Recruitment, Stephen Gill.