What is UK GDPR?
The UK General Data Protection Regulation (UK GDPR) was introduced on 1 January 2021. It is based on the EU GDPR, which came into effect on 25th May 2018, and applies to ‘controllers’ and ‘processors’ of personal data.
The UK GDPR was drafted as a result of the UK leaving the EU. It amended the Data Protection Act 2018 (DPA) and merged it with the requirements of the EU GDPR to form a new UK-specific data protection regime. This is a business-critical area with multiple touch points for recruiters. Put simply, you are in the business of using the personal data of clients and candidates to make introductions and arrange placements. You may also employ large workforces about whom you hold and process considerable amounts of personal data.
How do I use the toolkit?
Our toolkit has been created to provide guidance and some precedents to help you with your UK GDPR compliance. We also link to third party documents and sites that you might find useful.
Use the Toolkit documents and advice as a guide. We also recommend that you attend events (including APSCo meetings), and you may need external paid legal and technical advice and supplementary training for you and your staff.
Use the links below to access the most up-to-date advice and information.
The ICO regularly publishes guidance, and there is an overview (which is maintained). Click here to see more.
Checklists and Tables
We have drafted a checklist to help you work through the issues you need to consider prior to 25th May 2018. However, don’t forget the need to undertake an IT and data security audit. The ICO takes data breaches very seriously, and many data breaches arise from straightforward errors and sloppy employee behaviour. Click here for more information.
Precedents and Contract Suggested Wording
GDPR compliance has to be bespoke to your organisation. We have drafted a generic privacy notice which contains general content relevant to the professional recruitment industry, but it might not be accurate for your business and a bespoke version must be prepared. Likewise, we can give a steer about the type of issues relevant to you when establishing a retention/deletion process and policy and a marketing policy, but ultimately the decision (and compliance risk) is yours. Click here for more information.
APSCo template terms have also been updated with GDPR changes and are available here.
Still have questions? Visit our GDPR FAQs page