With the event of GDPR It is vitally important that HR managers and recruitment professionals understand that any business in the UK that collects or uses data for employment purposes must comply with the Data Protection Act.
This means that when you are recruiting if you ask potential candidates for any personal data then you need to make sure that you are compliant, even if you don’t eventually take the person on, or you may find yourself in hot water.
Implement a Disaster Strategy
Needing to protect your data is not new. It has always been important for businesses to protect their systems and data. In the event of a hardware failure having a good disaster recovery strategy in place might just save your business. GDPR has just given us more reasons to ensure that the data we keep is stored and managed properly.
Personal data can be anything in this context identifying the employee but typically this means CV, application forms or pre-employment check results. It applies whether you use electronic communications such as texts, traditional paper based submissions or the more common computer transmission and storage.
The Data Protection Act
The Data Protection Act also applies even if you don’t collect the data, but just transmit or use it. So if for example you outsource your candidate search to a recruitment agency and only receive their CV, then you’ll still be required to comply.
Whilst it is understood that employers need to be able to check the background of their prospective employees there has to be a balance struck between this and the persons’ right to privacy. After all none of us like intrusive personal searches made on us.
It’s important to remember also that when you are conducting pre-employment checks you will need to comply with all elements of the Data Protection Act.
This means that you’ll need to think about;
- Informing the applicant as to what data you will be collecting. Collecting data covertly is a no-no.
- Getting explicit permission to collect, store and transmit data
- Using the information purely for the purposes of recruitment selection. Using it later for say marketing purposes is against the code of practice
- Not collecting more than you absolutely need
- Not collecting information that will only be required when you actually appoint such as their bank details.
- Keeping the data secure and ensuring only employees that need access have it
- Only asking for criminal records information if it is not spent under the Rehabilitation of Offenders act 1974 (unless you have an exemption)
- Only keeping the information collected for as long as is necessary for the purposes of recruitment
- and if you are carrying out pre-employment verification or vetting then making sure that the applicant knows in advance that this will be done
- Ensuring that any information collected isn’t used in a discriminatory way
Getting this right, especially in the area of pre-employment checks, qualification verification or criminal records checks can be a difficult balancing exercise. It is no wonder that recruiters often dislike designing new forms or processes in case they inadvertently break the rules.
Here at Checkback we have developed our pre-employment background check service with full Data Protection compliance in mind.
Our service starts from the moment that the candidate applies and ensures that all forms collect only required data, are fully transparent so that the applicant knows they will be vetted and collect data in a secure manner.
All of our online forms are fully compliant and ensure that the applicant understands exactly what will happen at every stage of the process.
Our systems are designed with security in mind and we guarantee that all access and transmission is compliant, leaving you with peace of mind.
If you would like to find out more about how our pre-employment checking service can help you with data protection compliance then call now us now on 01442 816333
The Information Commissioner’s Office (ICO) publishes a useful guide to the code of conduct for employers. You can find out more about the code of practice at the Information Commissioner’s Office website here