The EU General Data Protection Regulation (GDPR) is a new EU regulation that will come into force on 25 May 2018. It will strengthen the current rules under the Data Protection Act (1998) by introducing new obligations for organisations and rights for individuals.
The GDPR will apply to businesses that are outside of the EU but continue to provide services to individuals from EU Member States, so will be applicable even after Brexit. Businesses will need to comply with the GDPR from 25 May 2018 or face steep penalties.
GDPR will impact how recruiters and recruitment businesses process candidate and client data. It is essential that recruiters familiarise themselves with these changes and begin preparing.
|GDPR section in our Legal Guide|
|A guide to the EU General Data protection Regulation (GDPR) for REC members|
|Infographic - Are you ready for the General Data Protection Regulation (GDPR)?
|Infographic - Jobseekers know your data protection rights|
|Guide to record keeping|
| GDPR learning course - Recruitment Law: GDPR
We are also in touch with the Information Commissioners Office (ICO) and are working with our sister federations in Europe to get additional information for our members and contribute to guidance materials.
GDPR model policies and forms can be found here. These include:
We have updated a number of our existing model terms and conditions, model forms, and model policies in light of the GDPR. These are all accessible in our Model Document Library. Please see our GDPR list of model documents for an overview of what model documents have been updated.
This course is aimed at anyone who has, or will have, responsibility for reviewing, implementing, and maintaining compliance with the GDPR. The course is also suitable for any person within a business who processes personal data on a day-to-day basis and wishes to increase their knowledge and understanding of GDPR. Find the course overview here.
You should already be registered with the Information Commissioner’s Office, the UK’s independent body responsible for compliance with data protection laws in the UK and upholding information rights. If not, you should register with the ICO here.
Beware of scam letters and emails from third parties offering to do this for you – you do not need a third party to assist you and they charge more than the notification fee.