What is GDPR? 

The EU General Data Protection Regulation (GDPR) is a new EU regulation that came into force on 25 May 2018. It strengthens rules under the Data Protection Act (1998) by introducing new obligations for organisations and rights for individuals. 


The GDPR applies to businesses that are outside of the EU but continue to provide services to individuals from EU Member States, so will be applicable even after Brexit. Businesses will need to comply with the GDPR or face steep penalties. 


How we're supporting you

GDPR impacts how recruiters and recruitment businesses process candidate and client data. It is essential that recruiters familiarise themselves with the changes.  


The REC has produced a range of materials and events to help recruiters ensure they are compliant: 

Blog image
GDPR section in our Legal Guide
Guide icon A guide to the EU General Data protection Regulation (GDPR) for REC members
Are you ready for the GeneralData Protection Regulation (GDPR)? Infographic - Are you ready for the General Data Protection Regulation (GDPR)?
 Are you ready for the GeneralData Protection Regulation (GDPR)?  Infographic - Jobseekers know your data protection rights
 Guide icon Guide to record keeping
 Blog icon  GDPR learning course - Recruitment Law: GDPR


We are also in touch with the Information Commissioners Office (ICO) and are working with our sister federations in Europe to get additional information for our members and contribute to guidance materials.


New model documents

GDPR model policies and forms can be found here. These include: 


  • Model document DP1 – GDPR checklist
  • Model document DP2 – GDPR – matrix of legal bases for processing and documents to use
  • Model document DP3 – Data protection policy
  • Model document DP4 – Data protection procedure
  • Model document DP5A – Privacy notice (when personal data is obtained from the data subject)
  • Model document DP5B – Privacy notice (when personal data is not obtained from the data subject)
  • Model document DP6 – Consent form
  • Model document DP7 – Withdrawal of consent form

Existing model documents

We have updated a number of our existing model terms and conditionsmodel formsand model policies in light of the GDPR. These are all accessible in our Model Document Library. Please see our GDPR list of model documents for an overview of what model documents have been updated.  


New GDPR learning course

The REC provides in-company GDPR training, aimed at anyone who has responsibility for reviewing, implementing, and maintaining compliance with the GDPR. The course is also suitable for any person within a business who processes personal data on a day-to-day basis and wishes to increase their knowledge and understanding of GDPR. Find the course overview here. Email us to learn more.


First step

You should already be registered with the Information Commissioner’s Office, the UK’s independent body responsible for compliance with data protection laws in the UK and upholding information rights. If not, you should register with the ICO here.  


Beware of scam letters and emails from third parties offering to do this for you – you do not need a third party to assist you and they charge more than the notification fee. 

All GDPR updates can be found on the Legal news and GDPR section in the Legal guide.



GDPR Blueprint - Infographic

Can’t find what you are looking for? 

Please call the Legal Helpline on +44 (0) 20 7009 2199 available from Monday-Thursday 8.30am-5.30pm, Friday 9am-5pm or email us at Please quote your corporate membership number when calling or emailing us.

Back to top
Award winning services AEA award logoAssociation Excellence Awards 2017MemCom 2017 Awards