What Does GDPR Mean for You?

Published on November 7, 2017 | By Sarah-Jane Ellis

Does the 25th May 2018 ring any bells? Well, it is the date the EU’s General Data Protection Regulation (GDPR) takes effect. Recruiters and organisations may be gearing up but are you ready? I must admit I have not given it much thought. Only now as we ‘speed’ into the New Year am I waking up to the implications.

What is GDPR?

The UK Data Protection Act 1998 is very clear on this subject. Stating that businesses may not keep personal data for “longer than is absolutely necessary” and then only for a limited period, with the owner’s permission.




GDPR takes this to another level. There are stringent penalties for non-compliance: 4% of annual turnover or £20 million, whichever is greater.




Any agency holding your information must ensure it is current and up-to-date. This is a huge challenge for recruiters who have built up databases containing literally thousands of candidate CVs. Only the other day I was contacted by an agency that I had not heard from for over fifteen years. As you can imagine, their information on me was woefully out of date; the only constant being my email address. It started me thinking about how many other recruitment organisations retained my outdated personal data. Moreover, who these agencies were and what information they held on their databases. I doubt many of us would be able to say, with any degree of certainty, where all of our old CVs reside. Indeed, for those contractors amongst you it is highly likely that your profile is spread over a very wide range of recruiters and clients.

The obligations on those holding our information are well documented. Data protection laws govern the use and storage of personal data requiring that it is relevant and up-to-date permission is sought from the owner of the material. However, what are the implications for candidates? Coverage of GDPR from a candidate perspective seems somewhat sparse. There have been articles looking at aspects of consumer rights over their data – see BBC 14th April 2016.




The above article is relevant but not specific to candidates and their respective data. To date there has been limited communication from recruiters as to how they plan to adhere to GDPR. Hopefully this will filter through in 2018.

From a candidate perspective, have you thought through the implications? Personally, I welcome the move for a variety of reasons. It will prompt me to undertake a long overdue spring clean of my agencies. Having recently gone through an exercise to overhaul an array of personal papers – filing, scanning and shredding – I can see the benefits of a more streamlined set of documents. In many ways, GDPR will be another opportunity for me to review agency relationships. Reconnecting with those I have lost touch with over the years and provide current information plus exploring new avenues. It may also mean that there are some agencies which are no longer relevant or appropriate for me and vice versa. For example, those agencies who contact you, purporting to have an upcoming contract that would suit you but does not exist but simply to harvest leads; yet they retain your CV and personal data. Data security is further re-enforced, and given cybercrime growth, I am keen to have more control over my personal data. A point echoed in the article below:




In readiness for the 25th May I am updating my personal information alongside a plan as to where, and with whom, I want this detail shared.