Very few recruitment businesses and job board providers have started to train their teams in GDPR.
It is essential to identify data risk areas within every recruitment business and to train staff across the board in new behaviours to support the new GDPR climate. Saving candidate data on disk is no longer acceptable.
One weak link is all it takes
All staff should be trained in best GDPR practice and every recruitment agency should hold a disaster recovery (DR) training session to take the whole team through what to do in case of a suspected or reported data breach.
There is a dual benefit: it will help prevent data breaches, and it shows the world that you're taking the GDPR seriously and are taking action to implement it in your business.
A data breach test run
A DR session should include a comprehensive dummy run using a fictitious scenario:
- Key personnel: who is responsible in the event of a data breach, including designating a spokesperson for contact with legal representatives, the media and the data subjects themselves.
- Notification protocols: who to contact in the event of a breach, how to get in touch with them, approved statements and timelines.
- Data breach response: what happens next in terms of security lockdown to prevent future incidents.
- Post-mortem: a full investigation into what happened and why as well as creating an incident log.
- Procedures: writing up outcomes and key learnings to produce formal data breach recovery protocols that form part of your business’ disaster recovery plan.
This blog was updated January 2019.