At Volcanic, GDPR is of utmost importance to us. I believe that less than 5 percent of recruitment businesses and HR departments have started to train their teams in GDPR for recruitment.
What I’d suggest all businesses do right now is identify data risk areas within their business and - most importantly - train their staff across the board in new behaviours that will be necessary within the new GDPR climate. Saving candidate data on disk or downloading candidate information to spreadsheets, for example, are no longer acceptable or compliant practices.
One weak link is all it takes
I’d recommend all staff are trained in best GDPR practice, and that every recruitment agency holds a disaster recovery (DR) training session. This is a dummy run that takes the whole team through what to do in case of a suspected or reported data breach.
There is a dual benefit: it will help prevent data breaches, and it shows the world, and the regulators, that you're taking the GDPR seriously and are taking action to implement it in your business.
A data breach recovery test run
A DR data breach session should include a comprehensive dummy run in a role play scenario:
- Key personnel: who is responsible in the event of a data breach, including designating a spokesperson for contact with legal representatives, the media and the data subject themselves.
- Notification protocols: who to contact in the event of a breach, how to get in touch with them, approved statements and timelines.
- Data breach response: what happens next in terms of security lockdown to prevent future incidents.
- Post-mortem: a full investigation into what happened and why as well as creating an incident log.
- Procedures: writing up outcomes and key learnings to produce formal data breach recovery protocols that form part of your business’ disaster recovery plan.
This blog was updated January 2019