In an industry underpinned by data, it is unlikely that the acronym ‘GDPR’ is an unfamiliar term to those working in executive search. From May 2018, the rules and regulations regarding the way in which data is stored, shared and moved will change dramatically, and this will have a significant impact on the working practices of the executive search professional, whether working for a search firm or in-house.
A recent survey of executive search professionals revealed:
- 30% haven’t yet taken steps to prepare for the changes to the GDPR
- 55% have started to think about how they might prepare for the changes to the GDPR
- 15% are actively planning for the changes to the GDPR
With a plethora of information available, the first part of this two part series will provide a general overview of the GDPR and discuss the impact of data protection changes on those responsible for executive and strategic hiring.
An overview of the GDPR
The GDPR or General Data Protection Regulation will come into force in the UK by May 2018 and will safeguard European Union citizens with respect to their data privacy rights. The legislation will impact all organisations that are either based in, or do business in, the EU. In essence, the legislation will give individuals greater rights and control over their data by way of consent as well as the power to access, rectify or erase information held and the right to be informed.
What do the changes mean for executive search?
There is no doubt, the changes to the GDPR will have a significant impact on the executive search profession. Any firm that operates in the EU, has clients that operate in the EU, or that processes data on EU citizens are subject to these changes in legislation, regardless of where information is stored, whether it is held in emails, a database or in spreadsheets. The rules will have a similar impact on technology suppliers to the industry, with those who act as a data controller or data processor also bound by and required to comply with the changes to the GDPR. Executive search firms and in-house teams will have to show that their systems and technology are compliant.
With severe non-compliance penalties of EUR20 million or 4% of worldwide turnover, the GDPR will make organisations more accountable for their approach to data and the changes must be given appropriate consideration.
However, whilst there are significant financial and reputational implications for failing to comply with the changes, the GDPR provides an opportunity to improve data quality, strengthen relationships and demonstrate the value of your operations and will be the focus of the second part of this insight series.
Partnering with the right technology provider
At Invenias, we are committed to working in partnership with our customers to ensure a streamlined journey to compliance. Our customers benefit from data protection being at the heart of the design, build and operation of our technologies. Whilst the changes do not come into effect for over a year, investing time in understanding and planning for the legalisation now will ensure that any required changes can be carefully considered and that the GDPR will cause minimal disruption to your organisation.
For a more detailed overview of new regulations, visit www.ico.org.uk.