As the GDPR is a new regulation, firstly you need a good understanding of the implications of the regulation. This typically means seeking legal advice.
A data flow analysis of a typical executive search or recruitment firm by ComplyGDPR and CMS discovered that legal drafting is required for approximately 20 documents. This increases for assessment, coaching or interim management activities.
For firms talking the GDPR on an individual basis, the estimated legal bill faced by firms tackling the GDPR is around £15k – £50k depending on the businesses breadth, global reach and type of legal firm consulted.
Having sought legal advice, a business still needs to translate the advice into policies and processes to embed the requirements of the regulation into their business. Other costs are training, database clean up and an IT Risk audit.
Putting the cost to one side, very few firms have the necessary internal resource or skills to adequately prepare for the GDPR. This has left many wondering whether there is a more economic and easier approach to working out everything themselves.
The ComplyGDPR international team have 75 years’ knowledge from working the executive search and recruitment sector and understand the specific implications of the GDPR for the sector.
This has resulted in an approach that is designed specifically for businesses in the recruitment sector (executive search, in-house teams, interim management, coaching, assessment and recruitment).
The unique modular approach of ComplyGDPR includes legal advice, processes, policies, checklists, templates, training, helpline, IT risk audit and technology advice to cover every aspect of the GDPR in a recruitment business.
The ComplyGDPR toolkit significantly reduces the cost and time to prepare for the GDPR. It also minimises the risk of missing key implications of the regulation.
The toolkit provides legal advice and guidance that has been translated into practical and actionable points for the business. It’s not something to buy and then put on the shelf as a gesture towards compliance. Make no mistake, there is a considerable amount of work to be done. The toolkit helps a business understand the issues and the risks, it sets out a plan for what needs to be done and provides guidance and advice on how to do it. This is supported by checklists, templates, legal clauses, documents and processes for both assignment work and internal HR.
On some issues there is no absolute right or wrong, a business decision will need to be made. In these cases, the handbook sets out the information and options so that an informed decision is made.
Practical implementation support is provided in two ways. Clients are invited to attend a one day workshop where the person responsible for implementing the GDPR programme is given a thorough understanding of the issues and recommendations in the toolkit. Following the course, clients have access to helpline where they can discuss questions and practical issues with core members of the ComplyGDPR team.
ComplyGDPR have also created a forum for clients to discuss decisions that they are making with peers from other firms. Most do not see this as a competitive issue, this is about facing a common challenge. Many feel isolated in facing this task and welcome the chance to interact with peers on key issues.
Many businesses have already grasped that this as a way of differentiating themselves and that the GDPR provides an opportunity. The privacy climate is going to change as clients and candidates will start requiring evidence of compliance. With the risk of fines and damages combined with loss of reputation there is a huge amount at stake.
To use the words of the ICO Commissioner Elizabeth Denham in her January 2017 address
“When it comes to data protection, small businesses tend to be less well prepared. They have less to invest in getting it right. They don’t have compliance teams or data protection officers. But small organisations often process a lot of personal data, and the reputation and liability risks are just as real. If a business can’t show that good data protection is a cornerstone of their practices, they’re leaving themselves open to a fine or other enforcement action that could damage bank balance or business reputation”.
There is much to do but as of today there are 365 days and reducing. Will your business be ready?
Contact ComplyGDPR to find out more about how we can help you.