GDPR and the Case for Using VMS & ATS Solutions
If you’re still on the fence about using VMS or ATS solutions, a looming regulation might finally convince you.
The General Data Protection Regulation, more commonly known as GDPR, is the new European regulation addressing how businesses protect personal data. A single set of rules will now apply for all 28 EU member states.
The GDPR is an updated and enhanced framework that will replace the Data Protection Act of 1998. Much has changed since 1998, and the GDPR reflects that through a wider scope. It aims to protect personal data of every EU member, even if that data technically resides outside the EU.
Non-compliance will be met with much stronger penalties than were previously enforced. Companies that don’t comply can expect a fine of up to 20 million Euro, or 4% of their global annual revenue. This measure has triggered many companies to reconsider how they work with and store personal data.
Forced to confront the flow of information, organisations are now motivated to keep information in one centralised location. The days of haphazard manual data entry on an irregular schedule are over. When a company relies on a contingent workforce (as more and more do, these days), it’s critical that they consider how all of that personal data is protected. For these reasons, use of VMS and ATS solutions should be on the rise in Europe.
The GDPR stresses the import of individual rights, identifying eight of them as requirements:
- The right to be informed
- The right to restrict processing
- The right of access
- The right to data portability
- The right to rectification
- The right to object
- The right to erasure
- Rights in relation to automated decision making and profiling
When it comes to a workforce, whether contingent or permanent, every potential candidate shares personal data as part of the application procedure. From the first CV review to the final candidate selection and onboarding, it is now mandatory for that personal information to be managed and controlled. The GDPR requires it for full compliance.
Companies must have answers at the ready for the following considerations: what data is captured, who can access the data, how the data can be erased, when the data storage term expires, what data is shareable and what channels are used to share it.
VMS and ATS solutions have been grappling with these questions for more than two decades. They are built to support and scale recruitment processes while processing data in a structured, controlled framework. Through their use, you’re helping your company comply with the rules of the GDPR.
US Companies are Not Immune from the GDPR
If you think you won’t be impacted because you’re outside the EU, think again. All US companies marketing products online must exercise caution. If you’re collecting any personal data at all – even an email address, shipping address, or survey response – you may fall under the GDPR. Have US operations with localised web content targeting any EU markets? It’s time to review your regulatory compliance.
The time is here to get on board with the era of the GDPR. A great first step is a review how you intend to protect talent information.