GDPR. The right to be forgotten – and the difficulty that presents.
In the lead up to the 25th May, when the new General Data Protection Regulation comes into effect, Managing Director George Zitko offers his view – and raises an interesting question about the important role candidate data can play in security recruitment.
GDPR is nearly here. This week in fact.
Companies all over the UK have been reviewing their data processing, handling and usage policies – with varying degrees of certainty as to how best to implement the changes to the law.
Here at Zitko, whilst GDPR has allowed us to look into our entire data management process and make several improvements, it has also presented us with a unique problem as a recruiter in the security industry.
GDPR places the power of data ownership firmly with the individual, meaning that any person can request their details be deleted or forgotten from any business that holds it.
For a recruiter, that’s an issue. For a recruiter in the security industry, it’s actually a risk.
It is not going to take the candidate market long to work out the power this gives when it comes to the application process. Any candidate feeling slightly concerned over their previous history with an agency, or the knowledge that agency may have over their past, can request to be deleted, before resubmitting a fresh CV (with or without 100% accuracy) and starting again.
The security industry is a small world. The historical knowledge we have allows us to accurately filter candidates for our clients; not just based on a set of product skills and previous employers, but on an understanding of character and culture. The right to be forgotten or deleted allows that history to be deleted with it, whether for good or bad.
As a recruitment business specialising in security, we have a duty to our clients to ensure the highest level of accuracy when presenting candidates.
We’ve worked hard with our IT team to ensure that any candidate requesting the data we hold on them to be deleted will be. However, the impact this data deletion right might have if used deceitfully, in terms of accurately presenting future candidates to our clients for roles in a highly sensitive industry, remains to be seen. It will be interesting to see how this, and other areas, ultimately play out in the new data-ownership world in the coming months and years.