"Find out how the General Data Protection Regulation (GDPR) impacts your recruiting process, the technology you use to support, and job candidate privacy. GDPR impacts all recruiting and HR teams across the globe who are recruiting in the EU or engaging residents, employees living in the EU or are EU citizens working in another country that are interested in applying as a job candidate to your organization. We are fast approaching the May 25th GDPR compliance deadline. Fines are as large as €200 million or 4% of global company turnover for non-compliance violations.
This presentation focuses on European-based companies as well as U.S. based organizations who are hiring globally.
In this one hour presentation you'll learn:
*What recruiters need to know, Compliance concerns for your HR Tech and third party partners/vendor
*GDPR compliance, data storage, and deletion requirements per the GDPR
*Operational GDPR changes your COO and executive leadership is thinking about beyond HR and recruiting
*Where to get started with compliance and resources to be able to ensure that your data storage is prepared for the GDPR deadline.
6. What to Expect
Meant to be a spirited discussion to drive awareness,
learning, & consideration around GDPR for recruiting
Will examine opportunities, risk, and overall
understanding
Ask questions, engage, and participate with our panelists
*This presentation is designed to guide you and we recommend you educate yourself by reviewing GDPR guidelines
and also working directly with a licensed attorney.
7. What is GDPR?
Global Data Protection Regulation
Takes effect May 25th, 2018
Data protection for individuals in the EU
Individuals have control over their personal information
Includes job candidates, application and hiring processes
Fines up to the GREATER of €20 million 4% of GLOBAL turnover
for non-compliance
9. POLL QUESTION #1:
Have you been asked by candidates about GDPR
compliance or candidate data in the last 90 days?
Yes
No
10. Candidate Rights
Global Data Protection Regulation
Takes effect May 25th, 2018
Data protection for individuals in the EU
Individuals have control over their personal information
Includes job candidates, application and hiring processes
13. How GDPR Impacts: US
Hiring EU citizens or residents
U.S. based company working in EU
Company who process/interact with EU
candidate data
U.S. companies will need data protection officer
in EU
14. How GDPR Impacts: EU
Impacts all EU citizens & residents
Companies recruiting in EU
Supporting vendors & partners
Includes recruiting agencies & supporting technology
Process created for data acquisition, storage, and
removal
16. POLL QUESTION #2:
What is biggest area of concern as it relates to GDPR?
Preparation
Regulation and monitoring
Fines
Your compliance
Vendor/Partner compliance
23. Examples of Questions to Ask Your
Vendors & Partners
Have their contract terms changed with GDPR?
What level of consent do you seek when applicants submit their data?
Process for storing, collecting, & deleting data
Timeline for auto deletion - circumstances & data type
What is documented timeline for keeping data?
What processes exist to to keep data up to date?
26. Comeet & GDPR
No “one size fits all” roadmap
Minimize the effect on non-EU operations
Ensure flexibility & control
Don’t wait to begin GDPR compliance planning
Make it simple
Leverage the opportunity
*Learn more about Comeet’s Established GDPR Guidelines at bit.ly/comeet-gdpr
JMM: Hi and welcome to our GDPR Basics webinar How GDPR impacts recruiting in the U.S. and EU. My name is Jessica Miller-Merrell and I’m the founder of Workology and your webinar moderator today. Before we begin, I wanted to share a few housekeeping rules, slides will be made available after the presentation as well as a recording of the presentation for you to view again and share with your colleagues and peers.
The is an interactive webinar presentation and we encourage you to ask questions and take part in our poll questions. I’m certain that this presentation will generate a lot of meaningful discussion and questions. If you are viewing this presentation live, you can ask your question in the chat box. I’ll be doing my best to ask questions at the end of this presentation. Don’t fret, if we don’t get to your question, we will be getting back to all attendees to answer questions through in the next few days.
JMM: Before I introduce our panelists, I wanted to make you aware that this presentation is approved for 1.0 Global HRCI and SHRM recertification credits. Comeet will be sending you your recertification credit codes on Monday after the webinar along with copies of the presentation slides, and recorded video. For those of you that are watching the recorded webinar, please check your email inbox at the end of the webinar and you’ll receive your HRCI and SHRM org code information. For those of you outside of the U.S., this is the U.S. equivalent of CIPD bodies.
JMM: Comeet is a collaborative recruiting technology platform designed to help you hire quickly finding and screening the best talent for your organization. Comeet helps you work more efficiently with your hiring managers and interviews to reduce hiring bottlenecks. Comeet offers a number of great resources including more webinars like this one as well as a email newsletter and other helpful resources designed for and with the recruiting and HR practitioner in mind.
JMM: Once again, my name is Jessica Miller-Merrell. I’ve worked in a global HR and recruiting capacity for nearly 20 years. As the founder and owner of Workology and Workology Podcast which are leading HR and recruiting global resources, I’m focused on sharing valuable HR and recruiting resources including providing you with access to experts like our panel with workplace leaders with you. This webinar is brought to you in part by Comeet, a global collaboration recruiting platform and technology. I’ll be sharing some resources that Comeet has developed for you focused on GDPR at the end of this presentation.
Debby Clement has over 20 years’ experience in developing recruiting techniques for SME’s and training recruiters. Debby is a Comeet evangelist and heads Peopley, a software and services company who’s mission is to transform and re-humanize recruiting for ambitious businesses.
Mat Diss is a CTO with over 25 years’ experience in both PLCs and SMEs specialising in Tech recruitment, mobile and e-commerce. He advises a number of companies on business growth and IT strategy.
JMM
TIFF - There are lots of unknowns right now as it relates to the GDPR, this will really evolve. We are waiting for guidance. This presentation is designed to guide you and we recommend you educate yourself by reviewing the GDPR guidelines and also working with an attorney. **Include remember this is general information, seek legal advice about your legal situation
Tiffany
JMM
JMM -Will Debby and Matt if they are surprised by survey results.
Point - Tech world - most candidates are dealing with GDPR as it relates to their company
many points up for debate, interpretation, disagreement - YOUR process is important
Tiffany/Debby
Example - Candidate Request this week for deletion of details … scenario share
For summary of the 8 individuals have & checklist suggestions - go to the ICO website
!if you are using Agencies - it may well be that your personal details (as client) are being stored on an agency CRM system
? Tiff - any likelihood of different interpretations between EU countries? Ie. UK ICO say x, French ICO equivalent says y.
There are 8 candidate rights you need to take into account … you must have an open, transparent process behind each stage of your recruitment process
Remember your purpose may vary … as a candidate goes through your recruitment process … eg. Headhunt/ talent pooling/Graduate recruitment
Your “Purpose” in dealing with a data subject is key … everything hangs off the back of this
But Remember your purpose may change - at that point you need to apply the right GDPR processes around that purpose
Scenario share - Eg. Headhunt Outreach - processing Purpose is to see if they are interested in my job - …possible Outcomes
Yes - gimme the job - process changes …
“Not interested” - purpose hold info to know they weren’t interested?
“Delete me” -
5 lawful basis for processing data - which one applies and for what purpose
What’s the Purpose of the activity - apply right lawful basis -
GDPR is a moving target. JMM will point out. This is a slide to move forward the conversation.
Debby/Tiffany: For HR and recruiting, GDPR is focused on pre-employment in the areas of recruitment and selection. These are the areas we will be discussing in our presentation today.
Debby/Tiffany
Debby/Tiffany
JMM
JMM -Will Debby and Matt if they are surprised by survey results.
JMM asks and panel weighs in. Debby/Tiffany/Matt
Diminishing value of data / extending time / workload on candidates
Discussion points from Panel Question #1
JMM asks Tiffany and Debby weigh in on discussion.
Tiff: (1) Document what data you collect, what you do with it, and where you send it (2) List out each legal basis you have for processing (3) Record the agreements you have in place with all the third parties you share data with.
Debby - ?legitimately ask agencies you work with for this? Resent agency terms...
JMM
JMM asks. Will ask panelists to weigh in on any surprises.
Debby ?Contracts review
JMM asks. Debby/Tiffany/Matt weigh in. Next slide with talking bullets for question used as point of reference.
Debby/Tiffany/Matt weigh in. Slide bullets used as point of reference.
JMM asks. Matt and Tiffany weigh in. Also might mention psychometric profiling and any automated decision making. Might be a good consideration for future podcast interview.
JMM will moderate and leave a final thought. Will ask Tiffany, Matt and Debby (in order) to leave a final consideration and learning on the subject.
Debby - KISS, do your own legwork, original work - don’t rely on someone else’s processes.
JMM: We at Comeet takes GDPR series. Comeet is a global company that wants to make hiring agile and collaborative. Comeet knows that you need the flexibility to comply with regulations in both the U.S. and the EU. We are building the tools and technologies to help our customers stay in compliance. Included a link to the support resource. Comeet’s has put together established guidelines in response to the GDPR. They include:
There’s no “one size fits all” roadmap
Achieving compliance is unique to each company and will vary based on criteria such as which EU countries they operate in, whether the business operates solely in the EU, how customers are acquired and the citizenship of those customers.
Minimize the effect on non-EU operations
While GDPR compliance is critical, avoiding interruptions to operations in other regions is also critical.
Ensure flexibility & control
Rather than mandate rigidity, we want companies to have the control and flexibility to define, implement and enforce their own policies regarding data collection and retention.
Don’t wait to begin GDPR compliance planning
Preparation, including notification of candidates regarding consent, will take time. Companies need to define policies, edit email templates and notifications, and adjust automation rules before the GDPR takes effect.
Make it simple for customers
Recruiters and hiring managers shouldn’t have to become legal experts to follow the organization’s policies. Make the compliance path clear, simple and accessible for everyone.
Leverage the opportunity
GDPR compliance is an opportunity. (Really, it is :)). We encourage Comeet customers to use it as an opportunity to clarify other data-handling policies, improve the candidate experience and do some “house cleaning” such as deleting outdated resumes from databases.
We don’t want to go into the details, however, you can learn more to our Comeet’s GPDPR Response Details
Thank you to our panelists, Debby, Matt, and Tiffany for that meaningful discussion. We’re going to be diving into questions so I ask that if you have a question, you please post it in the chat box. We have time for a few questions lives on this webinar. If we don’t get to your question, our panelists will be following up with you. We have a plan to record a special podcast and put together some other resources and information for you.
Question #1 - What data can you and should you keep when a candidate asks to no longer be contacted? Because you want to have a database to be able to ensure you don't contact the candidate again.
Question #2 - What happens if your vendor or technology doesn’t have a position or resources related to GDPR? F/u Is there still time to find a new vendor or technology? Will you be penalized if you don’t?
Comeet will be sharing with you copies of the slides, resources, and a recorded archive of this webinar for by Monday for those of you watching live. Those that are watching our recorded or on-demand presentation, you’ll have access to those same resources embedded on the page you are watching for and again in email.
Those HR and recruiting professionals wanting to take advantage of the 1.0 Global HRCI and SHRM recertification credits, Comeet will be sending you your recertification credit codes on Monday after the webinar. If you are watching this on-demand, please check your email inbox at the end of the webinar and you’ll receive your HRCI and SHRM org code information. For those of you outside of the U.S., this is the U.S. equivalent of CIPD bodies.
I wanted to take time once again to thank you, our webinar attendee for taking the time out of your busy day to participate in our webinar. This was a great presentation made even better by your questions and poll question responses. Thank you also to our expert panelists: Debby Clement, Tiffany Kemp and Mat Diss. I encourage you to connect with them directly on LinkedIn. We’ve included their profile links to make it easier for you.
Additionally, Comeet has graciously included a list of recommended resources on the bottom of this slide for you to access the full GDPR regulation as well as Comeet’s GDPR Compliance and link to other recommended resources. Thank you again and have a great day.
Ico.org.uk resource include this link
http://support.comeet.co/compliance-eu-gdpr/