The General Data Protection Regulation (GDPR) will enter into force on May 25. In addition to bringing significant changes in the marketing area, it will also have a strong impact on human resource management. In order to avoid the large fines that non-compliance with the RGPD entails, companies need to introduce important changes in the process of personal data in a labor context. In today’s article, we address the key implications of GDPR in human resource management!
Necessary consent of the candidates for the processing of the data
If the tacit consent of the candidates was sufficient to enable the company to process their personal data, now companies need to obtain the explicit consent of the candidates for the processing of their data. Applicants who are not recruited must also give their consent for the processing of their personal data in future recruitment processes.
Updating database curricula
A written communication must be sent to the candidate in such a way that the candidate expresses his written consent to the retention of his data in the database. At this moment there should also be confirmation that the data is up to date and if not, the candidate should update them. If the candidate doesn’t respond to this communication, the company must delete the curriculum at the end of the established deadline.
The human resources management area should create a procedure for obtaining consent from candidates submitting spontaneous applications where they accept the treatment and retention of their curricula. Here, the purpose of the data processing and the time frame in which the curriculum will be kept in the company database must also be indicated.
Active recruitment can only be done with individuals who make their contacts available on platforms dedicated to the world of work, such as Linkedin. In this case, there is the will of the candidate to be contacted by companies. However, after the first contact, there must be an explicit consent from the applicant to the continuation of the processing of his/her personal data.
Preservation of personal data in the company database
The new regulation obliges companies to keep only the data that is up to date. In addition, there is a principle of minimization in the law that says that the data can only be kept by the company during the period strictly necessary. Thus, when a particular recruitment process is complete, human resources management must have a procedure to eliminate curricula and all the complementary documents collected during the process. The new law states that curricula will remain updated during a year and after this deadline the documentation must be deleted or there must be a written communication for the applicant to confirm or update their data.