Connecting to LinkedIn...



GDPR - What does it mean for candidates

Posted on 3/05/2018 by


On the 25th of May this year GDPR will come into force across the European Union and in the first part of our series on GDPR we explore what it means to you the candidate…


First, when we refer to data what do we mean? Well GDPR defines personal data as the following;

“any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier”

These identifiers can be wide ranging but generally include name, any id number, location data or any online identifier (think twitter handle or LinkedIn user name)… this in essence is your personal data, and typically this is all collectively found on your CV.


How your data is collected?

Well the traditional methods of your data being collected is either a) you apply for a role (at which point you are consenting to at least have a conversation with a recruiter) or b) you’ve put your cv on a job board at which point the consultant has accessed this and should (as all our consultants do) ring you to discuss a potential role. The key here is that the recruiter should always be asking for your consent.


How your data is processed?

The main way that an agency processes your data is by sending your CV to a prospective client, again every single time your CV is sent a consultant should be asking you for your consent as a matter of good practice, not because GDPR says you are now at risk of prosecution.


How your data is stored?

Again, previously consultancies would be allowed to take your details and store them not only on their database but elsewhere without fear of the repercussions of GDPR. Now your data should only be stored on a central secure database … and again only with your permission.


How you can access your data

One other good thing to come from GDPR for the candidates is that there must be a clearly demonstrated way of being able to access your data and where required delete it, should the candidate request this. So, for example in the case of Access plc we have an appointed Data Protection Officer and a set of procedures in place to ensure candidates can access this as and when required.


In Summary

You may have noticed the main theme of this has been that candidate consent is at the forefront of this and whilst GDPR is being whipped up to a fever pitch reminiscent of the millennium bug, we see this as only a good thing.

This is going to bring about positive change for both candidates and the recruitment industry. Certain bad practices should in theory be wiped out (maybe not overnight but certainly with time), and hopefully we won’t all continue to be tarred with the same brush.

Here’s to May 25th