With GDPR setting in, it might be time to start thinking about adapting your recruitment process, updating your recruitment software and transforming your pre-selection strategy.
What is GDPR?
So, what exactly does the data protection act protect? In short; PPI (personally identifiable information). The important thing to know is, what counts as PPI; in its simplest form, factors like name, email, and address but what you may not realise is data created through video interviews, social networks, biometric assortment and location services also counts; all of which are or can be used during the recruitment process.
Some of the processes that will be changing with GDPR are the rights of the candidate; it will be mandatory to allow access to personal data held on them upon request, as well as deletion of, and information on how, where, and why their information will be used. In terms of restoring client/candidate control; the meaning of consent will also change, CV ‘speccing’ can no longer be carried out through implied consent, recruiters will have to wait for direct consent from candidates before storing, using and sharing personal data obtained from professional online profiles such as job boards for instance, SMS and email marketing will also have to be opted in by the candidate as additional consent.
Recruitment process and GDPR
So how can you improve your recruitment process to avoid some of the hassle of GDPR? One of the most important resolutions being advised to businesses is creating a centralised system to store all your contacts and their information in one place; something that is a stress-free task with the latest technology in recruitment software, i.e. video interviewing platforms. With a personalised pre-selection platform, you can keep all your candidates and their information in one location. Candidates will have access to view what information is held on them and can manage their own data, which covers their rights, and as consent is given through direct application; viewing, storing and managing their personal data is not an issue. Another significant requirement of GDPR is record keeping, any data handling activity from obtainment to use, to ATS and on-boarding needs to be documented. Using a specialised platform can help you manage your data storage activity, all your pre-recorded videos, candidate selections, information and analytics are stored as you go along and ATS activity is tracked and secured.
Recruitment solutions to GDPR
With 72% of candidates more likely to accept a job offer from companies using multimedia in their recruitment process it makes sense to look into innovative advancements that can improve employer brand image and candidate journey. Valerie Boyere; O2’s career manager experienced a 75% return rate with 4.500 permanent recruitment contracts from using EASYRECRUE’S video interviewing software. Just one of many success stories to show a vast improvement in hiring methods and ease conventional practises now that GDPR will be coming into effect, and Brexit isn’t far behind. The recruitment of diversity among quality candidates in abundance becomes easier when candidate’s perception of a company is positive and pioneering, 81% of candidates viewed companies who used video interviewing as more innovative, not only that but the candidate journey is viewed more optimistically by applicants. Candidates feel like they can express themselves more than they are able to on a CV, this will come in handy with all the unused CVs that need to be discarded of following GDPR protocol; profiles may only be kept if relevant to a position and obtained through direct consent.
Another important enforcement of GDPR is security, it is vital that companies ensure security measures are in place to protect their data, and safeguard against hacking; this could be done through encryption, testing, assessment of software safety and its compliance with GDPR. Video interviewing, however, may be able to remove the hassle of security checks with included data encryption, EASYRECRUE’S platform for e.g. comes readily safeguarded against data hacking and password decryption, updating your recruitment software to match a needed level of security will go a long way in removing risk of security breaches which need to be reported within 72 hours to the ICO in order to avoid substantial fines.
If you’re using traditional recruitment methods when GDPR comes into effect, a few things to note are:
- Ensure awareness of the ins and outs of candidate data, from obtainment to the ‘why’ and ‘how’ of use, everyone involved in data handling processes needs to have a working knowledge of the activity of personal information throughout the company.
- The use of data activity tracking is to create a paper-trail, all information collected, and its management needs to be recorded, as consent at any stage may need to be proved.
- You will need to create a documented review of how CV’s are being sourced, as well as audit old data to verify and be able to prove its’ storage is legally valid.
- If you hire a large number of employees, i.e. over 250, a safe precautionary measure would be to appoint a data protection officer to help eliminate risk of security breaches and data mishandling.
- On the whole, be aware of how 3rd party organisations, suppliers and automated systems use and process data for your company.
Other than that, remaining compliant shouldn’t be too much of an issue as long as you keep an eye on your data movement, implement advised practises and are generally aware of legal changes. Deciding to update your recruitment software may be useful when taking into account the effects of GDPR and Brexit, it will make things run smoother at the pre-selection stage, however, remember that your company will still be responsible for correct data obtainment and handling at the sourcing stage of your recruitment process. At the pre-screening phase, a stand-alone video interviewing solution with pre-recorded and live video as well as assessment tools will avoid you using separate applications to manage your contacts, helping you remain compliant with GDPR standards.