If you cast your mind back to last spring, despite increasing column inches being dedicated to Brexit, a royal wedding and the World Cup, you could barely move for talk of GDPR. There’s a good chance that you were besieged with emails from companies you had never interacted with online, asking you to resubmit personal information and grant permission to be contacted in future. GDPR was on its way, and there was no escaping its arrival.
That reality weighed particularly heavily on those of us in the recruitment industry. Twelve months ago, we were all coming to the end of a period of intense preparation for the most important change in data privacy regulation in 20 years. As we approach the first anniversary of GDPR implementation, the regulators have shown they are serious about handing down substantial fines to organisations not adhering to the legislation. And the added reputational damage caused by non-compliance is proving to be even more costly (as the likes of Morrisons have found to their cost).
The reality today is that even modest data protection breaches can cause reputational damage and lead to a loss of trust that may have taken years to build. Questions will also be raised about the efficiency of your organisation, even boiling down to how well the business is run.
For example, HM Revenue & Customs – already absent from most people’s Christmas card lists – will have done itself no further favours with a data breach around the use of voice identification software. Organisations wishing to use the latest technologies clearly need to remain mindful of the data protection implications.
Penalties for data breaches were often heavy before GDPR came into effect, as Facebook’s £500,000 fine for its part in the Cambridge Analytica scandal demonstrated. But this has been dwarfed by punishments meted out since GDPR legislation came into full effect, with the eye-watering €50m penalty incurred by Google in January being the largest to date.
This step-change increase in fines is worrying enough, but things could have been even worse given that GDPR legislation allows for companies to be hit with fines of up to 4% of their annual worldwide turnover. For a global giant such as Google that would mean billions of pounds, a far greater financial deterrent than the previous slaps on the wrist.
Consider what that means for smaller businesses trying to compete in an increasingly uncertain environment. A 4% loss of turnover would be at best unpalatable and at worst disastrous. Recruiters are at particular risk given the number of candidates – and therefore personal data – they have on their books. With reports that two-fifths of companies still rely on paper filing systems, there is clearly more work to be done to ensure that procedures are fit for purpose and organisations are treating personal data with the respect it warrants.
Recruitment companies working with temporary workers are likely to deal with particularly high volumes of candidates, so adhering to the regulations brings significant challenges. Fortunately, there have been substantial advances in technology that can help companies comply robustly with the latest regulations when managing their workforce and recruitment processes. Using a secure vendor management system such as myPixid, for instance, can help companies with the ‘five Cs’; namely complete processing, communication, control, cost-effectiveness and, most pertinently here, compliance.
Pixid can provide all the security and data protection functionality – such as advanced digital signature capabilities – you need to meet your GDPR obligations. Letting us take care of your compliance leaves you free to concentrate on placing the right people in the right roles.
If the challenges of GDPR compliance are weighing on your mind, just get in touch with our team for a chat.