Disclaimer: I am not a lawyer, so this article and the opinions expressed herein are solely mine. They are based on the things I learned about the GDPR and are solely for informational purposes.

If you’re a recruiter or involved in talent acquisition, you need to be concerned about the GDPR, the European Union’s General Data Protection Regulation.

One thing is certain: When it goes into effect, the GDPR is going to be the biggest shakeup in the history of online privacy regulations.

Starting May 25, 2018, the EU will enforce a set of regulations designed to protect European citizens’ personal data. It will affect all companies that deal with personal data — recruiters especially. Of course, even non-EU-based companies will still have to comply.

GDPR was designed as a replacement for the current Data Protection Directive 95/46/EC. It has the purpose of reconciling country-specific and sometimes conflicting European data privacy laws. Most importantly, it aims at changing the way organizations operating in the EU, or those collecting personal data from the EU’s citizens, approach data privacy. It also provides a harmonization of the data protection regulations throughout the EU, thereby making it easier for American companies to comply.

This regulation is aimed at empowering EU citizens regarding their personal data through tighter regulations. In simpler terms, it means that it will now be unlawful to use an EU citizen’s data without his or her explicit consent.

It is mandatory for organizations that are processing the personal data of EU residents across the globe. Failing to comply could result in severe penalties of up to 4 percent of worldwide turnover.

How will GDPR impact recruitment?

Many in the recruitment industry fear that this coming regulation will disrupt candidate data collection and management. Even though their fears may be justified with its hefty, non-compliance fines, GDPR will undeniably bring candidate privacy and the candidate experience to a whole new level — a game changer for personal data processing.

In today’s job market, the recruitment industry earns its bread through the processing of candidate’s personal data. In fact, any successful recruitment is crowned by super personal data management and optimization, an avenue to be analytical and strategic in acquiring top talent.

The recruitment industry relies on personal data to learn more about potential hires through their various social media profiles, online resume databases, records of employment, applications, and tests. They utilize a substantial wealth of data by sorting information into trends and narrowing down the talent pool.

GDPR certainly has the potential to make or break the recruitment industry through its personal data usage, and with fines up to €20 million (euros) or 4 percent of global turnover, compliance by every recruiter and HR department will be of the utmost importance.

Therefore, come May 28, it is important to understand the ways GDPR will redefine the recruitment industry. Here are a few ways in which it will do so.

1 – Consent will become king

Consent is one of the fundamental aspects of GDPR. Recruiting agencies and HR managers will now need to obtain consent from their candidates for every usage of their personal data.

Recruiters will need to request consent from every candidate in an easily accessible and intelligible form, a form that will contain the purpose of processing the candidate’s data.

Yes, people will have to know in emphatically plain terms what you want to use their data’s for. A thousand pages of Terms & Conditions will not do anymore, and neither will pre-ticked checkboxes.

Consent is only valid if actively given by the candidates. Scooping data personal data from social media will not cut it either.

2. Consent must be clear and explicit

Currently, you may have a less-than-perfect way of informing your candidates about how you collect, handle, and store their personal data. Under GDPR, you are required to ask for explicit consent, clarify how you will use individual candidate’s data, and make sure that the data remains secure.

Additionally, you should enable candidates to access and review their data anytime the like, ask for updates of their data, and even allow for full erasure upon request. Candidates will have the “right to be forgotten or right to erasure,” meaning that candidates can request for their data to be erased when it is no longer necessary for the original purpose.

This right will create an interesting situation for companies and applicant tracking systems (ATS).

Candidates will be able to apply to a role, fail miserably during the interview, and be rejected because they are not company fit, but after they receive the rejection from the company, they could easily use their “right to be forgotten,” and company needs to erase everything.

The candidate could then reapply after few months, and the company will not have any information from the previous interview. Alternatively, the candidate could reach out to a recruiter in some other location, and that recruiter will not be able to find any information in the ATS.

I am also interested in the situation when a candidate will ask a company to erase all the data that company has secured. The company will need to remove the data from its ATS, sourcing tools that it is using, LinkedIn, AIs, and so on.

However, you can turn these tough requirements into new strengths that will help you serve your candidates better and improve their trust and loyalty.

On your company website or social media, make sure your candidates agree to everything you do with their data and do not forget to store that information. This process might mean changing sign-up forms or the checkout processes.

3. Be gone all unsolicited job posts!

Recruiters will no longer be able to send emails to users who have not opted into their mailing list. Initially, recruiters and HR staff must be aware of who is currently in their database to avoid getting hit with penalties.

Even if you are certain your company does not send emails to anyone within the EU, it is safer to double check this and be certain. Just one single email sent to an unwilling EU candidate could leave your recruitment brand in hot water.

4. There will be fines for non-compliance

The approach towards fines is two-tiered, and it is quite intimidating. Fines can be imposed based on a list of points that include the nature, gravity, and duration of the infringement.

The maximum fines can go up to 4 percent of the company’s annual global turnover or €20 million (euros), whichever is higher. Other infringements could attract fines of up to 2 percent of the annual worldwide turnover or €10 million euros), whichever is greater.

GDPR will improve the candidate experience

It is encouraging to look at the implications of GDPR as a recruitment opportunity — а chance to better the candidate experience. This way, you will not see compliance as a strenuous task to be completed. Rather, with each step in the compliance process, you might instead keep the candidate as your focal point.

How can I use GDPR to improve candidate experience throughout the recruitment process?” you ask. Here are a few processes.

Use portability to your advantage

An aspect of GDPR that is rarely mentioned is data portability. Recruiters will need to provide all the personal data they have on a candidate when requested in a portable format. The GDPR demands that each candidate has the right to transfer their data anywhere the prefer.

Data portability can surely be turned into a recruiting benefit. Through GDPR compliance, your agency becomes ready to receive portable data transferred from a competitor, giving you the data histories of your new candidates so you can better serve them from the start of your new relationship.

I’m not sure if we are going to see the possibility to export our complete profiles on LinkedIn or if we will be able to transfer it to the competitor site, but it will be interesting to see how the big companies will deal with this requirement.

As a recruiter, you may be forced to create data assets that enable data portability; however, whatever technical methods you choose to use, the result will be a more agile and future-proof system. Even if no one ultimately wishes to transport their data, setting aside room for fool-proof portability will keep your candidates satisfied.

In regards to portability, recruiters need to be conscious of data sharing. You need to choose the entities with whom you choose to share your candidate’s personal data with very carefully because a slip-up might dictate the end of your recruitment business.

Upgrade recruiting systems and software

Preparations for GDPR may force you to upgrade recruitment software and systems that are obsolete or about to become so.

This update may strain your budget in the short term, but in the end, your recruitment will reap the benefits. Quite probably, your upgrade will bring along plenty of ways to offer new solutions and services that benefit you and your candidates

The upgrade will enable you to serve candidates better, respond to their requests, engage them in the ways the prefer, and pinpoint their needs in one moment. As well as GDPR compliance, a renewed system will bring up-to-date progress to hiring.

Use ironclad data storage

Check out how your company is storing candidate personal data and ensure that the methods being used are ironclad. Data security should be taken with the utmost importance because a slight slip could spell doom.

Therefore, ensure everyone who handles personal data within your organization understands what GDPR entails. Most times, recruiters and HR personnel rely on third parties to handle their personal data. Verify that these services are already GDPR compliant, or at the very least, that they will be by May 2018.

Take note: The transition process of system and security upgrades should be fairly smooth for small-scale recruiters. However, it can quickly get tricky in a larger recruiting establishment where a great deal personal data is handled in many complex ways.

Empower your candidates with transparency

You can empower your candidates by showing them that they truly have ownership of their personal data. In this context, if a competitor is vague and obscure, but your recruiting agency is transparent and empowering, it is obvious which one of you will outshine in the eyes of the candidate.

Each step you take to be compliant, including all the improvements you make to the security of personal data, helps you build trust with your candidates. Communicating your compliance enables you to emphasize your trustworthiness, and reliability is the basis of all lasting recruitment relationships.

By implementing GDPR, your candidate experience may climb higher than ever before.

GDPR will bring big changes to recruitment

Although the upcoming GDPR will grant a comprehensive and enhanced set of fundamental rights to job seekers and candidates, recruiters can also take advantage of the change.

Successful recruiters are used to changes. In fact, they have a knack for seeking new possibilities and smarter solutions to better the lives for their clients and candidates. Therefore, recruiters, as personal data controllers and processors, will need to take bold steps to maintain compliance with the GDPR.

If you excel in GDPR, you will reap the resulting benefits from empowering your candidates, seeking only data that is needed directly from the source, and leveraging it to build better, long-term relationships through better recruiting.

GDPR will bring many new challenges and new job opportunities, especially for 28,000 new DPOs required under GDPR in Europe alone, based on research by iapp.org. On the other hand, many companies will be negatively affected by it. GDPR is a complicated legislation, but it is all about our personal data.

The bottom line, for everyone, is pretty obvious: Let’s hope that the GDPR will bring more good than harm.

Jan Tegze

Jan Tegze is Senior Recruiting Manager at SolarWinds, a company that “provides powerful and affordable IT management software to customers worldwide, from Fortune 500 enterprises to small businesses, managed service providers (MSPs), government agencies, and educational institutions.” He is also the author of the book Full Stack Recruiter: The Modern Recruiter's Guide, published October 2017. Jan has extensive experience in full life cycle recruiting, and broad knowledge in international recruiting, sourcing, recruitment branding, marketing and pro-active innovative sourcing techniques. Connect with him on LinkedIn or follow him on Twitter @jantegze .