General Data Protection Regulation (GDPR)

What is GDPR?


GDPR stands for the General Data Protection Regulation, the framework that replaces the Data Protection Act 1998 from 25th May 2018.

The GDPR is intended to align data protection laws across the EU and to update the current regulations for the ever-changing working environment. It sets out the requirements for how organisations will need to handle and protect personal data, and will be covered by a new Data Protection Bill.


The Regulation will apply to any company processing the personal data of individuals in relation to offering goods and services. The GDPR will continue to apply to UK businesses regardless of Brexit, as the UK will remain a part of the EU until at least 2019 whatever the state of the Brexit negotiations. It is also likely that any replacement legislation post-Brexit will be largely similar to, if not the same as, the GDPR.


Are there fines or penalties for non-compliance?

Significant penalties can be imposed on employers who breach the GDPR, including fines of up to £17 million or 4% of the business's annual turnover, whichever is greater. This is far higher than the maximum £500,000 currently at the disposal of the Information Commissioner's Office (ICO).

The level of fine will depend upon the type of breach and any mitigating factors, but the fines are designed to strongly penalise any employers who show a disregard for the GDPR.


Who enforces GDPR in the UK?

The Information Commissioner's Office.


How has this impacted our clients?

Our clients continue to proactively maintain their compliant business models and ensure they are striving for long-term success and sustainability. Given the level of work needed to update their current practices and policies to meet the new rules and requirements, our clients have been preparing for the anticipated changes for some time.


ESCG have the highest confidence in their clients’ abilities to meet the new responsibilities under the terms of GDPR. During the last few months, our clients have been carrying out full GDPR compliance reviews, analyses and risk assessments. All data processing documentation that they hold will be relevant to the new Regulation when it comes into effect.


They are taking three key steps to achieve this:


  1. Documenting all current processes and data flows, and analysing any potential areas of weakness or vulnerability of all information that they hold. This enables them to identify areas of improvement in advance of the GDPR deadline.

  2. Carrying out detailed internal audits. This is extremely helpful in identifying their overall level of compliance ahead of the introduction of the Regulation.

  3. Conducting risk assessments to identify where any additional security measures may need to be implemented within their software range.

  4. Updating their policy and processes to meet key GDPR compliance requirements prior to the Regulation’s introduction.


What should you be doing as a recruiter?

If your agency's policies and practices comply with the current Data Protection Act requirements, you are on track to comply with GDPR.


The ICO has developed a 12-step guide to assist you, which can be found here:


Engaging with one of our clients could assist you in your preparations, and offer support to you and your temporary workers. Please contact ESCG if you require specific information related to preparing for the GDPR.
