GDPR

Banner image

How the general data protection regulation changes recruitment and job adverts

How the general data protection regulation changes recruitment and job adverts 1200 628 HR-ON

The new General Data Protection Regulation (GDPR) will change the way we advertise jobs and recruitment in general. Get ahead in your recruitment efforts with some more information.

Article updated in May 2018.

The General Data Protection Regulation is changing the way companies recruit – this is generally good, but it will increase the complexity of online recruitment for some companies.

In this article, we will focus on what you need to ask in your job postings and what data you must collect from potential candidates in the future when the new Personal Data Regulation enters into force at the end of this week, on May 25, 2018.

You will find answers to the following questions regarding online recruitment:

  • What kind of data will be allowed in recruitment?
  • What are you allowed to ask your candidates according to GDPR?
  • What you should be able to document for data protection?
  • How to avoid unwanted information?

WHAT DOES THE NEW GENERAL DATA PROTECTION REGULATION ALLOW?

In reality, there is not a big difference in the kind of data you are allowed to collect before and after the General Data Protection Regulation. The key difference is in your documentation and in the processing of data.

Therefore, you can expect some extra work in the processes before and after the collection of data. For example, it is necessary to argue the reason behind the collection of certain kinds of data in connection with recruitment.

Therefore, as a recruitment officer, you need to cast a critical look at the data you collect about your candidates.

A CRITICAL EYE FOR YOUR VACANCIES

Not all the knowledge and data you collect is relevant to evaluate the best candidate for a specific job vacancy.

With the new Personal Data Regulation you need to look at the application form(s) you use and answer the following questions:

  • Are all questions relevant to find the right candidate?
  • Do you collect sensitive information?
  • Have you documented your assessment and positioning of the above?

When the General Data Protection Regulation comes into force on Friday, it is important, that you have thought about and implemented these questions in your recruitment routine, so your online recruitment process meets the requirements of GDPR.

Try the risk assessment tool provided by HR-ON.

IMPORTANT KNOWLEDGE OR INDIFFERENT INFORMATION?

To start with the first question, it is important that you do not have unnecessary questions on your application form.

Is it still relevant to know your applicant’s place of residence, or is it a superfluous information that can be substituted with the candidate’s general zip-code, to know if they live nearby? Most people already communicate by phone or e-mail, so you probably do not need to send a letter to any of your candidates via mail.

Place of residence is, therefore, in most cases, an example of unnecessary information from your applicants.

When the General Data Protection Regulation comes into force on May 25th, it is important that you expound the information and data, that you gather from candidates. The Data Protection Agency will be critical to both redundant and useless data collection from candidates, which can be at risk – especially if there is sensitive information among them.

Which leads us to the next important point.

WHAT KINDS OF DATA DOES THE GDPR ALLOW YOU TO COLLECT AND STORE?

In the European Regulation, it is distinguished between two kinds of personal data: general information and sensitive information.

The level of data security and documentation depends on the type of data you want to collect. Especially your measures in case of data breaches and leaks.

Examples of the two different kinds of personal data can be seen in the table:

General information Sensitive information
  • Name
  • Address
  • E-mail
  • Prior offenses
  • Passport, drivers license etc.
  • Journal number
  • Racial or ethnic background
  • Political, religious or philosophical beliefs
  • Professional memberships
  • Health as well as sexual relations or orientation
  • Social security number (Has a grade outside of scale)

If you only want to collect just general information, it makes sense to obtain a so-called ISO 27001 certification.

You can read about ISO 27001 certification here.

As a general rule, you should only collect common information, as sensitive information has much higher information security requirements.

GDPR REQUIRES DOCUMENTATION

One of the most important points in the new General Personal Data Regulation, in relation to your recruitment and job creation, is documentation.

In order to be GDPR-compliant with your questions in the job posting, it is important that you not only have a critical look at the data and questions you ask your applicants – you must also prove that you have been critical of them.

In practice, this means, that you will need a handbook or documented guidelines for questions in vacancies that you can refer to if the Personal Data Agency comes knocking at the door.

For many recruitment officers, it will therefore make sense to use standardized questions in job vacancies to avoid documentation and argumentation for data collection in all job listings and posts.

HOW DO I AVOID SENSITIVE INFORMATION?

Now you know, what you are allowed to ask your candidates and how to document your recruitment process.

But your applicants can still send you sensitive information through mail or your recruitment system – and that can actually become a problem for you. According to the General Data Protection Regulation, you are still obliged to take measures to ensure that you do not receive sensitive information from people.

In the vast majority of cases, it will probably be enough to point out, that you do not want to receive your applicants’ social security number, health history, information about political or religious beliefs and other sensitive information.

In other cases it’s hard to get rid of them; for example on exam papers, which almost always have the social security number printed on them.

But since HR-ON has as its declared purpose to make recruitment easier, we have implemented technical solutions that can automatically sort out much of the sensitive information.

Read about the future of e-recruitment here get a demo before the GDPR is coming into force on May 25, 2018.

Banner image

Social media and GDPR: What will change?

Social media and GDPR: What will change? 1200 628 HR-ON

May is approaching, and the worries related to the GDPR (General Data Protection Regulation) are increasing as well. The date is fixed and the purpose is clear: this regulation will protect our personal data as any other law before.

So far, we know that GDPR will touch every aspect of our life, from the private to the professional ones. For example, the data that we will include in our CV will be protected by cloud-based systems, where the companies will be able to store every CV and cover letter received without storing personal data on their computers.

But what about the huge amount of data that we use when we are browsing our favorite social media? What about Facebook?

Facebook vs GDPR

Well, the group of Menlo Park didn’t want to be left behind and in order to be fully GDPR-compliant, will let the users manage their own data to protect their privacy. In the privacy section of your own profile, you can already read about their efforts to do so:

“The information you share on Facebook remains your property. This means that you decide what to share and with whom you share it on Facebook and you can even change your mind. That’s why we provide you with the tools to eliminate anything you have published. We remove deleted content from your diary and our servers. In addition, you can also delete your account at any time.”

They will be finally able to check who can see their content and the reactions to the posts. They will have the possibility to manage their tag on the posts and much more, in an easier and clearer way.

Moreover, the social media will let its privacy principle be public, in a surprising move of transparency. In the aftermath, pushed by the coming into force of the GDPR, Facebook will let the users know, how their data will be used. This will be possible thanks to a new control center, but it might result in some alterations in the way Facebook users will navigate the social media platform.

Less time on the newsfeed

In fact, Zuckerberg affirmed that this new strategy will probably decrease the amount of time spent on the platform. But this will be probably the best decision for its brand: more transparency, more trust gained from the user perspective and a full compliance with the new European rule that is altering the whole world.

It is already possible to check the privacy principles of Facebook on this blog post.

 

And you? Which changes are you doing for your company?

Fill out the information and we will contact you as soon as possible.

FÅ EN GRATIS DEMO

Lad os ringe dig op og aftale en uforpligtende demonstration.

HR-ON Logo
OM HR-ON

HR-ON er en cloudbaseret programpakke, der gør jeres HR-arbejde lettere, sjovere og ikke mindst meget mere effektivt. Kort fortalt får I styr på hvem, der skal gøre hvad og hvornår. Samtidig har I overblik over, at det rent faktisk også bliver gjort.

Børsens Gazelle pris 2018
Logo af virksomhedspagt
Charter mangfoldighed
ISA

Østre Stationsvej 27, 3   //  DK-5000 Odense C   //  +45 71 99 07 27   // sales@hr-on.com //  CVR: 34474540