10 reasons for a business in the recruitment sector to ignore the GDPR & the ICO

Recruiters say no to GDPR


Finally, an article to challenge the GDPR hysteria amongst recruiters. Over the past four months I’ve had discussions with a large number of executive search and recruitment businesses.

I’ve heard a range of reasons why some businesses are going to ignore the GDPR and run the risk of the wrath of the ICO. Business decisions are made on a risk-based approach, so I am always interested in the rationale behind decisions.


10 reasons why recruitment businesses are choosing to ignore the GDPR

1. Brexit means that we don’t need to take action about the GDPR*

2. We don’t think that the ICO will be interested in how we conduct our business.

3. We don’t believe that a data breach could happen to us.

4. We don’t understand why people are so concerned about data privacy in recruitment.

5. We don’t consider that money on IT security is well spent.

6. We don’t believe that we need to be concerned about what happens to candidate data when we pass it to a 3rd party.

7. We don’t need to take responsibility for the CVs we hold and how we use them.

8. We don’t think it’s worth gaining an individual’s consent before sending marketing emails to them.

9. We don’t believe we are going to be held responsible for the way that our consultants conduct their work.

10. We don’t believe that our reputation with our clients and candidates will be impacted by our approach to data privacy.

Apart from the view on Brexit and the GDPR (the UK government have published the Bill which will incorporate the GDPR into UK law), these are all risk-based decisions. However, let’s be absolutely clear that none of them will hold any water with the ICO. Despite the size of a possible fine, some businesses will be willing to take the risk, but is it really a well-calculated one?

Understanding what the GDPR means in the recruitment sector

If you’re amongst the majority who are undecided on your approach to the GDPR, this may assist your decision.

Before you finally decide to run the risk, take a moment to think of it from a different perspective, that of your clients.

Here’s a quick exercise to help you calculate the cost of ignoring the GDPR and the potential impact on your business post GDPR. Imagine at a meeting with a potential new client you are asked to explain your approach to the GDPR.

Read the list above to them.

How did that feel? Not so good?

Take two: rerun your explanation, but this time omit the negatives “don’t” and “can’t”.

How did that feel? Better?

Ask yourself which one is going to increase the chance of winning the work?

If you’re absolutely convinced that none of your clients or candidates are ever going to question you about your approach to data privacy then run the risk.

What does the GDPR mean for businesses in the recruitment sector?

If you think that you do need to take action on the GDPR but are not sure what it means for your business or don’t understand how to prepare, contact ComplyGDPR. We provide an approach specifically for businesses in the recruitment sector.

Our comprehensive GDPR toolkit helps a recruitment business prepare for the GDPR in a cost efficient and effective way.

If you’re not sure what it means for your business you can be sure that we do.


About the author

Helen Haddon is founder of ComplyGDPR. She has a 20-year track record working with some of the leading global and UK executive and recruitment businesses, leading operational management and data privacy issues.


