What is GDPR and what does that mean for your organisation and your stakeholders?
Organisations are under pressure to monetise the data they have access to - to drive informed decision making for commercial success.
But finding the balance between using insights derived from data and ensuring the security of it, is critical.
This challenge became apparent during a session I attended at the recent Hiring Success conference. Rob Symons from SmartRecruiters was joined by an esteemed panel of experts to tackle the topical question, "Are You Ready for GDPR?"
Why is GDPR relevant?
GDPR is an EU regulation but one that will impact any company processing the personal data of subjects residing in the European Union, regardless of the company’s location.
The same can be said for any, newly introduced and regionally-focused measures. Regardless of the jurisdiction you fall under, data privacy has never been more important and now’s the time to tighten up your databases.
How can we strike the perfect balance?
So, as we come to terms with GDPR and other, new and heightened data privacy regulations, what are the key considerations recruitment and HR professionals need to keep in mind?
1. Understand your stakeholders’ rights
As was discussed during the Hiring Success session, we are going to continue to hear more about the “right to be forgotten”.
With candidate, staff, client and referee data all being transferred across multiple platforms, under GDPR all stakeholders will have the right to request that their data is deleted.
While data destruction is something that differentiates GDPR from other data privacy regulations, only storing data for as long as is necessary is a good habit to get into.
2. Analyse the data you have against the data you need
As discussed by my colleague, David Haines, in a recent blog, GDPR guidelines outline a number of factors to determine whether data gathering processes are of “legitimate interest”.
Again, the Hiring Success session was on the money when it turned to the importance of knowing what data you want, why you want it and what you need to do to protect it.
Organisations must look at the data they already hold, ask why it is needed and determine where it should be deleted. A second step in this process involves looking at where data is stored and who has access to it - if it is accessible for external suppliers, are they compliant?
3. See new data regulations as an opportunity
Finding the best way to utilise data while keeping it secure doesn’t have to be daunting or overwhelming.
It can actually be a great opportunity. A data audit will leave organisations with a much more streamlined and strategic dataset, that is available and used only as it should be.
And, frankly, the less data you have to lose or expose in the event of a breach, the better.
4. Don’t let data limitations stifle innovation
The Hiring Success session rightly concluded that GDPR is going to completely change the way we do recruiting.
But that’s not to say it should lead organisations to neglect their efforts to innovate.
A recent Forbes article put this perfectly, stating “Organizations must continue to invest in and devote the proper resources to both compliance and developing data-based business models because, ultimately, it’s the latter that will drive progress.”
While we must all invest more time in understanding data privacy, we must also find a way to do so while continuing to grow and evolve our businesses.
It’s all about striking the right balance.