David Allison reviews the challenges of new data rules for businesses and training providers
GetMyFirstJob, like many other organisations across UK and Europe, are working through the necessary steps for implementation of the new data law, GDPR*. It’s been fascinating to watch the way in which the issues are being raised and communicated across industries and the media, and the lack of clarity that exists in many quarters. It was intriguing that the ICO** themselves only published guidance on some fundamental points in the final days before Christmas.
The result of these two factors has led to confusion – and incorrect advice in some cases. I was on a call with one of our customers discussing their approach to GDPR and careers advice when their external GDPR ‘consultant’ started quoting information that was totally incorrect – we were fortunate enough to be able to help, provide the correct guidance and factual clarity. With fines of up to €20 million or 4% of annual global turnover, this has significant implications if it is not implemented correctly.
As we are working through the issues with many customers as well as our own in-house teams, it’s increasingly clear that GDPR is not that complicated, but does require some strong business disciplines with appropriate systems to ensure compliance. For most providers and colleges ensuring their core business meets GDPR requirements should not be difficult. In many ways, one of their core competencies is compliance – Ofsted and the ESFA have long since installed in all of us in the sector the need for clear rules, good records and standardisation.
It's when you move outside the core areas that compliance can be more challenging. We’re obviously very focused on the acquisition, storage and use of candidate data. For organisations that have a strong central system that follow the main points of GDPR, this should not be a problem:
To help our customers, we’ve identified a few common pitfalls:
We’ve now invested a lot of time and energy to ensure that all our customers can continue to work with employers and candidates in a GDPR compliant way. In the coming weeks we’ll be sharing information about how we have done this as well as providing checklists to help you identify those hidden excel spreadsheets & communication platforms that would put you in breach of GDPR.
Don’t forget – we’re here to help. If you want to talk through how you could benefit from a system that will help you provide insight to employers about their future talent as well as selecting and engaging with candidates in a GDPR compliant way, please contact me at dallison@gmfj.co.uk for more information.
*GDPR - General Data Protection Regulation
**ICO - Information Commissioner's Office