About GDPR

About GDPR

The GDPR legislation came into force globally on 25th May 2018.

Brexit will not affect GDPR as in the UK the GDPR was incorporated in the Data Protection Act 2018. 

Whether you need help understanding what you need to do to comply or support or training for keeping on top of the GDPR we can help you.

How GDPR affects your business

The ComplyGDPR team have spent a considerable amount of time understanding the impact of the GDPR regulation for Executive Search, Interim management recruitment businesses and in-house recruitment teams.

GDPR affects data that a business holds on any EU or EU approved citizen whether that person is a client, candidate, source, referee or member of your staff irrespective of the physical location of your office.

GDPR also applies if your business is based in a EU or EU approved country even if you are not handling data of EU citizens. In the UK, GDPR is regulated by the Information Commissioners Office (ICO).

Fines for a breach of GDPR are substantial starting at 10M Euros or 2% of global turnover to 20m Euros & 4% of global turnover. A business may also be liable to pay damages to individuals whose data has been breached.

If you would like to learn more about GDPR and its impact on your Executive Search, Interim Management recruitment business or in-house recruitment team contact us.

What the ICO says about GDPR

The GDPR has been a game changer for everyone.

99% of the UK’s 5.5 million businesses employ fewer than 249 people, and the proportion is growing.

When it comes to data protection, small businesses tend to be less well prepared. They have less to invest in getting it right. They don’t have compliance teams or data protection officers. But small organisations often process a lot of personal data, and the reputation and liability risks are just as real.
ICO enforcement powers aren’t just for ‘typical’ data breaches, like laptops left on trains or information left open to a cyber attack. The GDPR gives regulators the power to enforce in the context of accountability – data protection by design, failure to conduct a data protection impact assessment, DPOs and documentation. If a business can’t show that good data protection is a cornerstone of their practices, they’re leaving themselves open to a fine or other enforcement action that could damage bank balance or business reputation”.

All quotes on this page are from the Information
Commissioners address in Jan 2017

https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2017/01/gdpr-and-accountability/

“Businesses need to move from a mindset of compliance to a mindset of commitment: commitment to managing data sensitively and ethically. Not just because it’s the law, but because it’s part of basic good business practice.”