With GDPR causing havoc and sending everyone into a frenzy at the moment, we take a look at the 10 biggest myths floating around.
1. Delete your current database and start again.
Woah, hold up, let’s not do anything rash. Deleting your database is probably one of the most debated topics during this whole GDPR fiasco. Explicit consent is only required for processing sensitive personal data, where only an actual ‘opt in’ will suffice. Unless you have super secret MI5 style sensitive data, you’ll be fine with implied consent and can keep your database just as it is.
2. Do not email anyone outside of your company!
You don’t have to stop your recruitment activities! As long as you have a legitimate business interest, you can email whoever you want. If they ignore you or ask you not to email them again, you need to make sure you don’t store their email address anywhere – as if you contact them again, you may get an unpleasant response. Don’t bury your head in the sand, just follow the rules and you will survive!
3. GDPR is a punishment for all our business sins.
We will all atone for our GDPR sins! The Information Commissioner’s Office (ICO), who are responsible for upholding GDPR, do not issue fines lightly. Over the 2016/2017 period, there were 17,300 cases of non-compliance, BUT only 16 organisations were fined. The objective of GDPR is not to punish organisations but to put the privacy and security of customers first. It is likely that a few well-known companies will be made an example of, but it is not the beginning of a strict regime!
4. Only an issue for the IT team right?
Just because GDPR includes the word data, it doesn’t mean you can shove it off to your IT department! GDPR includes where personal data is obtained from, how it is used, where it is stored, who it is passed to and how those parties use that data. So keep your IT pals onside and no offloading to them this time!
5. Ignore it – It doesn’t apply to us.
This is something (almost) every business has thought, but just because it may seem like a lot of effort, it doesn’t mean it isn’t applicable to you. Once you get to grips with GDPR and do what needs to be done (sooner rather than later), you will thank yourself!
6. Everyone has the right for their data to be erased.
The right to be forgotten has caused a bit of a stir, but unfortunately, you can’t be erased with a flick of a wand. Organisations can continue to process data if it remains necessary for the purposes for which it was originally collected or if the organisation still has a legal ground for processing the data. Hurrah, your database will survive!
7. Don’t ever call candidates again.
Calling candidates is a huge part of a recruiter’s job – no calls, no placements. If a candidate has a phone number on their CV, they have given implied consent, so call away! However, be wary if you are recording calls, as this data may be protected differently. Safeguards should be put in place to keep it secure, and you need to make the contact aware that their information is being stored.
8. You will be fined £20 million every single time you breach the regulations.
This is the beginning of the end! Nobody can survive the cost of GDPR, so every organisation that isn’t making millions will cease to exist. Just kidding!
Data privacy compliance is going to be more challenging under GDPR. Maximum fines for non-compliance are set at 4% of annual global turnover or €20m. Fear not, however: large fines are expected to be reserved for serious abuses (and for those making no effort to comply!). The key is to do what you can now, and to prioritise and document your processes.
9. Brexit means we are no longer affected by GDPR.
No EU, no rules? Wrong! We may be leaving the EU (whenever that actually happens), but the UK Data Protection Bill will ensure that the GDPR lives on in the UK, regardless of Brexit – sorry everyone! The UK regulator has confirmed that the GDPR will be enforced in the UK, so no excuses!
10. Without a professional GDPR consultant, your business will fail.
How many calls have you had offering you a GDPR consultation? How many have tried to charge you an eye-watering amount for those services? Do. Not. Fall. For. It. Read up on all the information available to you, and you’ll be just fine.
Our advice to you is to keep calm and carry on. Don’t fall into these typical myth traps – you still have a little bit of time to get your ducks in order, but don’t leave it too late!