GDPR
What is GDPR?
The EU General Data Protection Regulation (GDPR) is a new EU regulation that will come into force on 25 May 2018. It will strengthen the current rules under the Data Protection Act (1998) by introducing new obligations for organisations and rights for individuals.
The GDPR will apply to businesses that are outside of the EU but continue to provide services to individuals from EU Member States, so will be applicable even after Brexit. Businesses will need to comply with the GDPR from 25 May 2018 or face steep penalties.
How we're supporting you
GDPR will impact how recruiters and recruitment businesses process candidate and client data. It is essential that recruiters familiarise themselves with these changes and begin preparing.
| GDPR section in our Legal Guide | |
| A guide to the EU General Data protection Regulation (GDPR) for REC members | |
 |
Infographic - Are you ready for the General Data Protection Regulation (GDPR)? |
| |
Infographic - Jobseekers know your data protection rights |
| |
Guide to record keeping |
 |
GDPR learning course - Recruitment Law: GDPR |
We are also in touch with the Information Commissioners Office (ICO) and are working with our sister federations in Europe to get additional information for our members and contribute to guidance materials.
New model documents
GDPR model policies and forms can be found here. These include:
- Model document DP1 – GDPR checklist
- Model document DP2 – GDPR – matrix of legal bases for processing and documents to use
- Model document DP3 – Data protection policy
- Model document DP4 – Data protection procedure
- Model document DP5A – Privacy notice (when personal data is obtained from the data subject)
- Model document DP5B – Privacy notice (when personal data is not obtained from the data subject)
- Model document DP6 – Consent form
- Model document DP7 – Withdrawal of consent form
Existing model documents
We have updated a number of our existing model terms and conditions, model forms, and model policies in light of the GDPR. These are all accessible in our Model Document Library. Please see our GDPR list of model documents for an overview of what model documents have been updated.
New GDPR learning course
This course is aimed at anyone who has, or will have, responsibility for reviewing, implementing, and maintaining compliance with the GDPR. The course is also suitable for any person within a business who processes personal data on a day-to-day basis and wishes to increase their knowledge and understanding of GDPR. Find the course overview here.
- 25 April - London
- 26 April - Birmingham
- 8 May - London (morning)
- 8 May - London (afternoon)
- 10 May - Manchester
First step
You should already be registered with the Information Commissioner’s Office, the UK’s independent body responsible for compliance with data protection laws in the UK and upholding information rights. If not, you should register with the ICO here.
Beware of scam letters and emails from third parties offering to do this for you – you do not need a third party to assist you and they charge more than the notification fee.
All GDPR updates can be found on the Legal news and GDPR section in the Legal guide.
Can’t find what you are looking for?
Please call the Legal Helpline on +44 (0) 20 7009 2199 available from Monday-Thursday 8.30am-5.30pm, Friday 9.30am–5pm or email us at legal@rec.uk.com. Please quote your corporate membership number when calling or emailing us.
