The ICO Commissioner Elizabeth Denham stated "make no mistake - The General Data Protection Regulation is a game changer for everyone". However, with less than a year remaining to prepare, the GDPR is still not on many boardroom agendas. With fines of up to 20M Euros or 4% of global turnover and potential reputational damage, what is the sector missing?
What is the GDPR and how does it impact executive search and recruitment?
The core of the legislation is the assertion that an individual’s right to privacy and control over his/her own data is a fundamental human right. Despite being EU legislation, it applies to companies outside Europe when they process data of EU citizens. The GDPR touches everything from assignment work, marketing, database management, personnel records to IT security.
It produces challenges around processing assignment data because some data is provided by the individuals themselves but a significant proportion is gathered without the knowledge or consent of individuals. The regulation requires new processes to be implemented to respond to individuals’ requests to see their data. Firms need to monitor and report data breaches within the required timescales, this requires IT expertise as well as good internal processes and training. Above all it requires the ability to be able to demonstrate your data privacy approach through record keeping, training and documentation.
Legal advice is essential but is only part of the solution.
A common complaint from firms who have sought advice from their lawyers or generic GDPR consultants, is that their advice or approach is impractical to implement.
Having grasped the implications of the legislation, Helen Haddon, a consultant specialising in executive search and recruitment discussed the best approach with Elle Todd, partner and head of Digital and Data at international law firm CMS and Leon Penny, CEO of SynergyGroup. She then set up ComplyGDPR to provide specific solutions for executive search, interim management, in-house and recruitment teams.
What is involved in preparing for the GDPR?
A data flow analysis of a typical executive search firm by ComplyGDPR and CMS discovered that legal drafting is required for approximately 20 documents. This increases for assessment, coaching or interim management activities.
The estimated legal bill faced by firms tackling the GDPR alone is around £15k - £50k depending on the businesses breadth, global reach and type of legal firm consulted. Even with legal advice, a business still needs to translate the advice into policies and processes to embed the requirements of the regulation into their business.
Other costs are training, database clean up and IT Risk audit. Very few firms have the necessary internal resource or skills to adequately prepare for the GDPR. This has left many wondering whether there is a more economic approach to tackling it alone.
What is the most cost effective and efficient approach to preparing for the GDPR?
ComplyGDPR provides a unique modular approach incorporating legal advice, processes, policies, checklists, templates, training, helpline, IT risk audit and technology advice to cover every aspect of the GDPR in a recruitment business.
The ComplyGDPR international team have 75 years’ knowledge from working the sector and the understand the specific implications of the GDPR. The ComplyGDPR approach significantly reduces the cost and time to prepare for the GDPR. It also minimises the risk of missing key implications of the regulation.
Plan your game before it’s game over.
In an industry that is not accustomed to regulation, the GDPR will have a significant impact as it requires that data privacy considerations are embedded into every aspect of the business, this involves business transformation not a tick box approach.
There is still time to prepare but the GDPR clock is ticking.
Start now as there is much to do! Make a plan or you could be dealing with an investigation or even a fine following a data breach as soon as the summer of 2018.
This is the abstract from a more detailed article that can be found at www.complygdpr.com/blog