At Priority Recruitment we have always taken data protection and candidate data security very seriously.
Our GDPR journey started in early 2017, once we understood the wide-reaching implications that these new regulations would have on our industry.
We understood early on that our choice of technology partners would be key in supporting our GDPR compliance journey and ensuring we have a robust and compliant system & processes in place. Whilst focusing on the compliance of our own internal systems and ensuring that we, as a service provider, are GDPR ready we also have a responsibility to all our clients to support their compliance too.
Following a DPIA (data protection impact assessment) of our system in early 2017 we made significant investment in our website & ATS systems. These new systems follow the requirements of the GDPR, including new compliance modules built with the principles of privacy by design and privacy by default at the core, with a flexibility to be upgraded and developed as the rules and requirements are finessed after “real world” testing of GDPR.
We embrace the development and implementation of GDPR as whilst we don’t think the dynamic and flexible recruitment industry would be best served by heavy government oversight, as an ethical and values-based recruitment company we are well aware there are those in the industry that unlike us, will need to make wide ranging changes in their practises to accommodate GDPR compliance.
Anders Christiansen - Managing Director, Priority Recruitment & Kieron Smithson, Data Protection Officer, Priority Recruitment
The Data Protection Bill updates data protection laws in the UK, supplementing the General Data Protection Regulation (EU) 2016/679 (GDPR), implementing the EU Law Enforcement Directive, and extending data protection laws to areas which are not covered by the GDPR. It is intended to provide a comprehensive package to protect personal data.
The GDPR will replace the 1995 EU Data Protection Directive, strengthening the rights that EU individuals have over their data and creating a uniform data protection law across Europe.
The Data Protection Bill seeks to empower individuals to take control of their personal data and to support organisations with their lawful processing of personal data.
Priority Recruitment is a data processor for its clients under the GDPR. We are committed to address EU data protection requirements and will comply with applicable GDPR regulations as a data processor when they take effect on 25th May 2018.
We will support all our clients in meeting their GDPR obligations, however they are ultimately responsible for the data they hold as well.
As part of this commitment towards our clients and our own business, Priority Recruitment has provided fully documented staff training on data privacy and the GDPR. This applies to every member of staff across the Priority Recruitment business.
What should you do?
You need to prepare for the GDPR as a data controller / processor.
- Audit your data and processes for data capture.
- Review your process documentation.
- Ensure you have a lawful basis for processing the data.
- Examine your IT infrastructure, including security and identify weak points.
- Take legal advice for guidance applicable to you and review the GDPR guidance on the ICO website.
If you have any questions, please get in touch with our Data Protection Officer here.