Automated data processing is often used in recruitment and HR management. Here are some examples:

  • Automatic filtering out of job applicants who don’t have a 2:1 or above
  • Use of trackers to performance manage staff by measuring speech, movement and stress levels
  • Appraisals or any form of data sifting to make decisions on reward and promotion

What will change?

The European Union are making changes to the General Data Protection Regulation (GDPR).

Currently, individuals can request that no automated decisions are made using their personal data. When the new legislation comes into effect in May 2018, individuals will have to give explicit consent before their data can be used in automated processing. In addition, it will be the company’s responsibility to make sure its data subjects understand exactly what their information is being used for.

The law will come into effect regardless of the stage of the Brexit process. Failure to comply will result in fines of up to €20m, or 4% of the business’s global turnover.

Get ahead of the game

  • Consider where and why you’re using automated processing, and decide how you will communicate this to those whose data you use.
  • Carry out a data audit. Carefully assess your current HR data activities and identify any potential weaknesses under the GDPR changes. It goes without saying automated processing should not be used to make HR decisions based on protected characteristics under the Equality Act 2010.
  • Develop a plan to gain and document consent. This may mean adding a tick box on your recruitment portal, or getting in touch with existing employees to gain their permission retrospectively. Also, consider the encryption of data you collect.
  • Check the compliance plans of external Suppliers/Recruitment Partners
  • Determine whether a Data Protection Officer (DPO) needs to be appointed and, if so, think about how best to recruit, train and resource one.
  • Begin adhering to the new legislation as soon as possible so that you can iron out any kinks before the fines are introduced.

Keep informed at the Information Commissioner’s Office (ICO) website

Transparency is key. Ensure individuals understand exactly what they're agreeing to.