You are likely aware that on May 25, 2018, a new data privacy law introduced in Europe called the General Data Protection Regulation (GDPR) has come into force, impacting how businesses collect and process data.

GDPR empowers people to take control of their data.
Your data subjects (Candidates and Clients) will dictate and decide how their data should be processed. GDPR is a regulation which has come into effect on 25th May 2018, although it has been introduced much before to give businesses time to prepare for it.

Regardless of Brexit, all UK organisations handling personal data will need to comply with the GDPR because of The Data Protection Bill that is coming into effect soon.

GDPR centers around protecting people’s data and ensuring that the public is made aware of the purpose why a business is keeping their data but also asking for their consent to do so – this is crucial. The idea is that as soon as a member of the public gives there information away they are made aware of what the purpose is for be it simply storing and processing, mass-marketing, surveys or otherwise.

The public should also be made aware of the length of time you plan on keeping their data; this has been defined as 'for no longer than is reasonably necessary for the specific purpose laid out in the initial sign-up'. This does leave somewhat to the imagination, but it can be interpreted as for example if you were to keep a person's data in order to find them a job then having found them a job you would have to ask for a 2nd permission to continue holding the data. Therefore, data cannot be held indefinitely.

You must also specify a length of time that you wish to keep the data for, so for example for recruitment purposes, it could be appropriate to tell the applicant that you will keep the data for 1 year and then seek their approval again after that time has run out.
Was this article helpful?
Thank you!