Barely a week passes without some news of a major information security incident. Recently, we’ve had ransomware attacks exploiting the ageing population of Windows XP computers that are still being operated by the creaking NHS, and media and entertainment giants like HBO, who really should be locking things up better, being blackmailed over stolen episodes of Game of Thrones which are yet to be broadcast.
However, information security is about to get a shake-up, and not only inside the EU. On 25 May 2018 the General Data Protection Regulation (GDPR), formally the EU General Data Protection Regulation (EU-GDPR), becomes enforceable. It is one of the most significant changes in many years to the regulatory framework that governs business practice, and it applies to any organisation that processes the personal data of people in the EU, wherever that organisation is based.
Primarily, GDPR is a legislative instrument aimed at protecting privacy and the rights of individuals with regard to how their personal data (what is often called Personally Identifiable Information, or PII) is controlled and processed by businesses and public bodies. While this may appear to benefit mainly citizens, it is also a very strong premise from which to build a universal security framework.
Adhering to the framework enables businesses to achieve a better standard of security and helps to promote a more consistent approach to information security. For recruitment agencies this means greater confidence when sharing information with clients and supplier organisations as well as delivery partners and other third parties.
Following the framework also means that the processes which support compliance become embedded in day-to-day work. The GDPR is designed to provoke a change in culture: it is not limited to IT security measures and the practices of technology staff, but extends to each and every user of business technology in your recruitment firm.
A good way to get a handle on GDPR is to consider the following key points about the legislation.
Recruitment businesses hold important and valuable information about significant numbers of people. In fact, with the exception of medical records, recruitment firms often hold some of the most valuable personal information that individuals possess.
If addresses, phone numbers and email addresses seem like run-of-the-mill pieces of data, dates of birth, educational achievements, professional qualifications and accreditations, and work histories certainly are not. Then there may be copies of passports, driving licences and immigration documents, which are exactly the material an identity fraudster needs.
And it’s not just the information your agency holds. It’s also about what data you share and who you share it with. The GDPR requirements around establishing a lawful basis for processing (including consent, where that is the basis relied on), notifying the supervisory authority of a personal data breach within 72 hours of becoming aware of it, and the penalty regime (fines of up to 4% of global annual turnover or €20 million, whichever is greater) are going to focus minds across the business world.
The best advice is for all recruitment firms to take control of preparing for GDPR as soon as possible. With the GDPR set to enter force on 25th May 2018, some might be forgiven for wondering: “Why the rush to take control of it now?”
However, there are no quick fixes to GDPR compliance. The best approach is a comprehensive assessment of where your recruitment business currently stands: what personal data you hold, where it is stored, who can access it, why you process it and who you share it with, alongside the state of your IT security. Engaging a good IT support company that is able to audit your current position, identify the gaps and work out how to get you to where you need to be to meet the GDPR standard is a sensible way forward.
ETZ is developed and hosted on cloud infrastructure operated in line with ISO 27001, the internationally recognised standard for information security management. Where appropriate, our systems will be updated to meet any changes required to accommodate GDPR.
For more on GDPR, see ‘Preparing for the General Data Protection Regulation (GDPR): 12 steps to take now’ from the Information Commissioner’s Office (ICO).