On May 25th 2018, new data protection regulation, known as GDPR (General Data Protection Regulation) came into force in the UK and across Europe. Millbank took care to be fully prepared for the changes.
GDPR replaces the outdated existing data protection laws, which were written in the 1990s before the current digital era. The world is a very different place, and the way we collect and store personal information as businesses has changed dramatically since that time.
GDPR is designed to unify legislation across the EU. While the UK is set to leave the EU after Brexit, the vast majority of GDPR is covered in the impending UK Data Protection Bill. In the UK, the legislation will be enforced by the Information Commissioner’s Office (ICO).
GDPR gives greater protection and rights to individuals. In a nutshell, there will be better rights for people to access the information companies hold about them, obligations for better data management by those businesses, and a new set of fines for breaching the regulations.
As a recruitment agency, we hold information about individuals which we use to put candidates forward to our clients for roles. As our business is all about personal data – we are often required to request and retain data such as passports, work history, medical information, security clearance credentials and many other personal details relevant to job applications.
Because of this we have long had processes in place for protecting the data we hold on individuals. However, GDPR was a great opportunity to review these and improve our candidates’ experience.
Several months before GDPR came into force, we were in communication with various advisory organisations to ensure we did all we could to comply with the new regulations. This included legal advice from recruitment and employment law specialists Lawspeed, and from APSCo, the Association of Professional Staffing Companies.
In line with ICO guidance, we updated our Privacy Policy and created automated processes to inform candidates of how we store their data and how we will use it. We also put in place renewed processes to swiftly deal with requests by data subject to access, rectify, erase or move information we hold about them.
To ensure we have in-house expertise to call upon, Business Manager Sean Boswell undertook specialist training on the subject, completing the GDPR Foundation course with the Knowledge Academy.
Sean passed on his knowledge with a clear and concise presentation delivered to all of his colleagues at Millbank, as well as to clients externally.
Graeme Thomason, Recruitment Coordinator at Nuvia, said:
“The presentation was informative, structured and well delivered. Sean obviously knew GDPR inside and out and has certainly helped us prepare for the 25th of May. From a business point of view, it was certainly worth attending the presentation.”
Liam Mason, Talent & Resourcing Advisor at James Fisher Nuclear, said:
“Sean provided a clear and understandable presentation on GDPR – with loads of useful information and tips. He also provided information for our internal recruitment team to go away with and update policies and procedures internally straight away. We’re definitely happy with the steps Millbank have put in place ready for May and they were explained clearly by Sean.”
HR Advisor Sarah Holland was appointed as our Data Controller, meaning she is the main point of contact within the organisation for data protection matters. Sarah can be contacted via our central email address for GDPR, gdpr@millbank.com. Please don’t hesitate to get in touch with any questions or queries about GDPR.