GDPR One Year On

One year on from the introduction of the GDPR (General Data Protection Regulation) Framework across Europe, Mary Seery-Kearney takes a look at the ERF’s journey to date and highlights some of the key measures they have taken when it comes to representing and supporting their members through GDPR.

ERF’s Journey

The National Recruitment Federation began their journey into GDPR compliance well in advance of the implementation date of the 25^th May 2018.  In doing so we established experience in all that is involved to ensure compliance.  As an organisation that has at its vision the standards of best practice and professionalism in the Recruitment Profession, and as thought leaders for the Recruitment Profession in Ireland, it was essential that we forged ahead in ensuring that the many facets of GDPR compliance had been carefully considered both for ourselves as an organisation and for the profession as a whole.

Representing & Supporting the Irish Recruitment Profession through GDPR 

The GDPR Task Force

The ERF are members of the World Employment Confederation. (WEC), a body comprising national Federations throughout the world operating in the Recruitment Sector.  WEC, whose office in Europe in based in Brussels, quickly established a GDPR Task Force so that representatives of the industry in each of the Member States of the European Union could bring their experiences and concerns. 

The Task Force provided a place for discourse on how GDPR would operate, noting the accumulative experiences in implementation and national oversight of each of the representatives in their own countries, in their own businesses and as a National Federation.

GDPR Breakfast Briefings

The ERF participated fully in all of these meetings, bringing home the collective views and responses, so that we were able to inform the profession in Ireland. We commenced a series of breakfast briefings so that our members could come together, hear legal opinion and discuss amongst ourselves the solutions and implementation experiences across the profession in Ireland.  From there we provided a roadshow of practical guidance into the implementation of GDPR, all in advance of the then looming deadline.

GDPR & Challenges for the Recruitment Profession

One of the biggest issues for the Recruitment Profession is the lack of understanding of the complexity of the profession. Relationships for Recruitment Agencies with clients as well as candidates, and the differing circumstances in which data is transferred or shared, all give rise to a complex cluster of necessary considerations. 

Working with the Data Protection Commission

While our own Board expertise, the WEC assistance, and our various legal advisors were all of great assistance, we also believed our role in advocating for the profession requires that we ensure all stakeholders understand just how complex the recruitment profession is when it comes to data processing. To this end, and to advance the standard of professionalism in the profession, we held meetings with the Data Protection Commission to assist them in understanding our profession and to hear their particular concerns. 

We continue to maintain an open dialogue with the Data Protection Commission exchanging views on the issues that arise for the profession until common grounds is found.  One such issue is the data considerations required for references, their collection, their dissemination and their consequences especially when the reference includes negative feedback on the candidate.

Our Own Experience of the Process

The deadline came and has passed!  As a Federation ourselves, we had to consider the large number of potential data subjects that we have across our various areas of operations: our voluntary Board of Directors, Members Services, Education and Apprenticeship Programmes, Skillnet, Garda Vetting Services and our own employees. Amongst these categories we have additional requirements and potentially hold sensitive data, and so we are required to hold ourselves to a very high standard of compliance and are subject to external statutory audits, for example by the Garda National Vetting Bureau. 

To ensure this, we appointed a Data Protection Officer, who is external to the organisation, in order to fulfil the obligations of transparency and best practice in our GDPR implementation. All of our processes were audited to learn where the risk factors lay; and our documentation was considered for its appropriateness and adherence to the Seven Principles of Data Protection.  This work is constant and ongoing, we never rest in reviewing our practices and are constantly evolving as our experience grows and novel issues arise that require the creation of a new response what accords with GDPR principles.

What’s Next?

As a Federation, we are forging ahead to meet the challenges coming down the road for the profession, Brexit and its fall out being the dominant consideration threatening to confront us. To help we are currently formulating advice for the profession so that whatever occurs we will be prepared. Watch this space!