A common complaint from firms that have sought advice from their lawyers or generic GDPR consultants is that the advice or approach is impractical to implement in the business.
Having grasped the implications of the legislation, Helen Haddon, a consultant with 20 years' operational experience in executive search and recruitment businesses, discussed the best approach with Elle Todd, partner and head of Digital and Data at international law firm CMS, and Leon Penny, CEO of SynergyGroup. She then set up ComplyGDPR to provide specific solutions for executive search, interim management, in-house teams and recruitment businesses.
Elle explains why many search firms struggle to understand how to translate the requirements of the GDPR into their business. She says: “Many will claim to be able to advise on data protection but it requires more than just reciting what the legislation says. Instead, it requires in-depth understanding of the evolution of data laws, areas of risk and an ability to translate complex and often vague concepts into practical and workable actions and processes that your business can actually understand and use. Done properly and focused on your sector’s nuances, however, it will save you money in the longer term by meaning you should be able to run your data compliance and not constantly need further input and advice.”
Once you begin to unravel the requirements of this new legislation, it soon becomes apparent that, although much is familiar from the existing Data Protection Act, this is not just a tweak: the new legislation takes data privacy and the responsibility of organisations to a whole new level.
It produces challenges around processing assignment data, because some data is provided by the individuals themselves but a significant proportion is gathered without the knowledge or consent of individuals. The regulation requires new processes to be implemented to respond to individuals’ requests to see their data. Firms need to monitor and report data breaches within the required timescales, which requires IT expertise as well as good internal processes and training. Above all, it requires the ability to demonstrate your data privacy approach through record keeping, training and documentation.
The ComplyGDPR approach is to provide a toolkit in which the legal advice is translated into processes that can be implemented in the business. This is an approach that generic GDPR consultants or lawyers cannot provide, as they lack in-depth knowledge of the business context.