With the GDPR deadline set for May 2018, it’s going to come around quickly for a lot of businesses. With some news headlines indicating firms are ill-prepared for one of the biggest legislation updates in years, we’ve taken a look at one of the most significant changes set to arise for eligible businesses – the introduction of the Data Protection Officer.
Data Protection Officer Appointment
One thing the GDPR is clear about is the need to appoint a Data Protection Officer (DPO) for businesses under certain circumstances. These are (as cited in Act Now Training):
- Where the [data] processing is carried out by a public authority or body
- Where the core activities of the controller or the processor consist of processing operations, which require regular and systematic monitoring of data subjects on a large scale
- Where the core activities of the controller or the processor consist of processing on a large scale of special categories of data or personal data relating to criminal convictions and offences
From our reading, this includes companies that deliver fraud prevention, online tracking, running of CCTV systems, trade unions, polling companies and cloud providers among other services. We’ve read that the size of the company could be a factor too.
The Role of the DPO
There have been some articles debating whether data protection salaries will rise as a consequence of the GDPR. Personally we anticipate benefits of this new requirement in IT recruitment.
The role will include:
- Informing and advising the controller or processor of their obligations
- Monitoring compliance with the regulations – this includes assigning responsibilities, raising awareness, training staff and auditing
- Providing advice where needed
- Cooperating with the supervisory authority
- Acting as the contact point for the supervisory authority on issues relating to the processing of personal data
Qualities the DPO will have include:
- Expertise in national and European data protection laws and practices
- Understanding of the GDPR
- Understanding of processing operations carried out
- Knowledge of business sector and organisation
- Ability to promote data protection within the organisation
DPOs will also need continuous training and support from the organisation to fulfil their function. There are courses popping up all over the Internet if you’re interested in qualifying!
GDPR in Recruitment
As well as being a positive driver for IT recruitment (a sector that is already experiencing huge demand for talent), online recruitment agencies will need to review their processes and show evidence of this in order to be GDPR compliant. Areas of the recruitment process likely to be impacted include gaining consent for the use of data and being completely transparent as to how this will be used.
Individuals will also have the right to have their data erased, have access to their data and have any inaccuracies corrected. Taking responsibility for your data cycle is crucial. It’s also important to work with suppliers and partners to ensure total compliance.