Almost 2 years ago in May 2018, the EU implemented the General Data Protection Regulation law. What this essentially meant is that the GDPR aims primarily to give control to individuals over their personal data? Is strengthen the privacy of that data?
In the case of companies receiving any personal data. Most of the burden to comply with the regulations has been placed on them.
This was a change that primarily affected companies with recruitment processes. Businesses could no longer simply receive applications and resumes. Choose the best candidate and move forward. There now needed to be strict guidelines that need to be followed.
How it changed the recruitment process
I think that the main things recruiters and companies needed to do differently was to be completely transparent with the data they were processing, allow the candidates to have constant access to their data in order to be able to change it at any time, and clearly map all of the types of candidate data you are collecting. But above all, most important for recruiters to comply with GDPR was being able to gather and store consents from candidates to keep and process their data.
With that said, recruitment teams had to keep in mind. What kind of data are you collect. are you collecting personal data (and for what purposes), where your data is being stored and who has access to the data, what are their processes to making sure they can delete any data? This list goes on. Just focusing on the changes mentioned. Above, for many companies (especially larger ones) this was not an easy task – as they would operate with thousands of resumes and personal data sets, across different departments and teams.
A lot of companies had to do a data cleanse of personal data. They did not have a consent form. But more importantly, companies had to figure out quickly how to comply with all of these changes quickly for future recruitment, because of the threat of very large fines.
The best way to comply with GDPR
For many recruiters, the easiest and safest way to comply with the GDPR laws was to conduct their recruitment processes through ATS. That would allow companies to comply with guidelines during recruitment. Example: automating consent emails, giving logins to candidates to manage their personal information, and organizing the flow of personal data stored. Applicant tracking systems automate and keep recruiters up to compliance with the necessary information and management systems. But an ATS can only do so much to make the work manageable. Companies and recruiters still need to manage the necessary information to pass on to candidates when collecting their data. My suggestion is that if you hire a data security manager you can keep everything running smoothly.
But once companies and recruiters have the tools, technology, and information. Their recruitment processes will run just as smoothly and quickly as before May 2018.
One of these technologies is HelloAstra, an applicant tracking system that is built to be GDPR compliant and take on that responsibility. HelloAstra
offers features such as a candidate panel, which is a personal site for
candidates that applied where they can see their consents and personal
data and modify or delete them at any time. It also complies by being
able to instantly remove personal data from the platform. Requested,
making sure the candidate has full control over their information
storage.