A Reminder to Data Privacy Consultants and Recruiters…The Wild West is Over
- Author: Richard Hutson
- Date: 09 Apr 2018
Data has been, it seems to me and a lot of other people, a Wild West bonanza for too long – it hasn’t been properly looked after and has, as we all know from the news, been sold, in plain sight, without individuals being any the wiser about what has been, in fact, theft – from the person, of the person.
As a recruitment consultant specialising in the data protection area and GDPR, I have seen some unattractive trends amongst some data privacy people, keen to cash in on the GDPR goldmine but lacking genuine skills or experience.
This group have, at times recently, looked a bit like gunslingers for hire, riding into town on social media, and scattering bullets of bile to promote their own apparent skills. LinkedIn has been awash with these self-promoting, self-styled “experts”. They have bad mouthed firms and personnel just, quite simply, for self-promotion and to try to spread their reach by any means. It is unpleasant to watch and is not what data privacy experts should be about.
All of us in the industry, recruiters and data professionals, we all much prefer – and value - data consultants who remember at all times, even on social media, the core of what they are all about – privacy. Good contractors – and I know a few - will never promote themselves at the expense of their own data protection ethos, their own high standards of privacy and professionalism. And they don’t have to.
Let’s say you want to do some good in the world, and data privacy professionals certainly care about good governance. You decide, for instance, to feed the homeless. Well, go ahead but do it quietly. Don’t post pictures of yourself all over social media, passing over the plate and sneering patronisingly at the lucky recipient, because all you are doing then is feeding your own ego at someone else’s expense.
Anyway, back to the Wild West. On May 25, the sheriff arrives into town to clean things up – in the shape of GDPR. It is, in the data protection world, our very own D Day.
We recruiters who deal in data every day need to take GDPR on board. You can’t escape GDPR. It affects all of us who process any level of personal data of EU resident citizens – this could be anyone, from a burger flipper dealing with card transactions, to multibillion pound firms. And the fines and reputational damage can be huge.
Below are some reminders of the key points. Recruiters – you might want to show your bosses!
1 - Respect data privacy
Recruitment consultants encounter many forms of personal data through an end to end placement of the candidate. The personal data of a candidate doesn’t belong to you as the recruitment consultant, it belongs to the individual candidate, and he/she has rights.
2 - Manage personal data
You must understand what data you’re gathering and classify it. Make sure you understand where it’s held, how it is kept and how and when to delete it. Also, back it up, anonymise it or encrypt it. Do whatever is needed, just don't avoid managing it.
3 - Targeted emails only
Avoid abusing personal data by sending big mail shots to large numbers of candidates that don’t meet the spec. Rather, ensure you work with an up-to-date list of candidates or contacts, and apply a very personalised approach, tailored to meet the spec.
4 - Gather proof of consent
Recruitment professionals can no longer fly under the radar and assume tacit approval when sending out different types of content. If you use personal data, consent by the individual is crucial – it must be freely given, specific, informed and unambiguous. The consent can be recorded with audio recordings, paper trails, digital checkboxes or web forms.
5 - Get management buy-in
Hold weekly catch ups with all levels in the company to make sure GDPR is being enforced throughout.
6 - Select a champion for personal data
If the company isn’t big enough to have a specific Data Protection Officer role then best practice is to have a data champion to drive knowledge management projects and have a competent go-to person for internal and external queries. The data champion will need the support of all directors.
7 - Secure your digital infrastructure
Map and secure all systems that process personal data. Establish robust access controls and profile management; then ensure you have processes in place to review software licensing; then guarantee patch management which will identify any threats. Be prepared for the risk of external hacking or internal leaks by having mechanisms to identify possible data breaches; then eradicate them.
8 - Be transparent
Be open about the processes and don’t treat them as a company secret. Your candidates and contacts will trust you if you prove to be trustworthy and can also show that you have robust systems in place. The future of data management in today’s information society requires a high degree of transparency, as opposed to the secretive marketing and business intelligence procedures of the old Wild West days. Blockchain firms are thriving because they are seen to be both transparent and robust protectors of data privacy.
Finally remember – GDPR is here to stay. Embrace the positives that come from proper data protection and respect the professionalism of the consultants who ensure, without social media exaggerated self-promotion, that best practice is followed everywhere – in recruitment and in business as a whole.