GDPR changes the recruitment industry

PuL becomes GDPR. But what does that mean?

Did you know both the EU Data Retention Directive and the Swedish Personal Data Act (PuL) are from the 90s? Now they will finally be updated! On May 25, both PuL and EU directives will be replaced by the General Data Protection Regulation (GDPR), also called the Data Protection Ordinance. The purpose is to modernize data storage protection for individuals and simplify the lives of business people. For example, we will now only have to adhere to a standard that applies to the whole of the EU, instead of 28 different.

GDPR is not really a whole new team but rather a more modern and updated variant of the Personal Data Act (PuL). The rules that come into force in connection with the new law means that individuals gain more power and control over the personal data they provide. With the Personal Data Act, organizations were allowed to have unstructured processing of personal data. The new data protection regulation means that no personal data can be stored without consent and that people who give up personal data are given more rights.

Below are the most important changes you need to know that take place in connection with the Data Protection Ordinance.

How will the recruitment industry change in connection with GDPR?

Companies and organizations no longer own collected data. When you register, you get more power over the digital prints you leave. Companies can no longer claim that your collected personal data is the company’s property. With the new law, there are rules about how many people should know information about candidates. For example, eligibility levels for managing personal information relating to candidates will be applied to recruiting managers.

Recruiting executives are required for clear communication routines.

Recruitment managers are required to be more accurate about how they share information. Information exchanges that occur in connection with an application for a job are seen as personal data. In short, when the Data Inspector knocks on the door, you should be able to state how personal information is handled, why it is stored and what procedures are available to make sure the information being recorded is safe.

Your footsteps are time-limited.

Information provided by you is registered for a certain period of time before your personal information is deleted from the person responsible for personal data. You will also be able to make more demands on the company. For example, you may require a company to correct personal information, delete information that derives from you, or deny personal data used for automated decision making.

No more junk – The abuse rule disappears!

Earlier when PuL was the law that determined how companies should handle personal data, there was also a rule called the abuse rule. There was an exception that involved the handling of unstructured personal data, meaning personal data infrastructure material (for example, in an email, easier lists or documents) may occur if personal privacy is not violated. However, as the Data Protection Ordinance enters into force, all registered personal data must have a clear purpose and be documented; the same rules apply to personal data in email as in databases.

Prior to GDPR, organizations could handle personal data in a more structured way if they were found in simpler lists and emails. As this rule disappears, the same rules apply to all handling of personal data. Therefore, an e-mail must thus be handled in the same way as a structured database.

We now need to be more careful about what is sent by mail as the abuse laws will affect Jobtip and other companies that handle personal information. To ensure this is complied with, it is important the entire company receives information about GDPR and the new rules. It is also important that you gradually introduce the changes. Otherwise, there is a risk that staff recruited before May 26 will continue to handle personal information as before.

Mail is often something that everyone sends on the company and many send information without thinking about it. Therefore, it is essential these changes are well established throughout the company.