After months of preparations, the day has finally arrived. As you are no doubt aware, new GDPR legislation came into force this morning and we are delighted to have assisted over 300 companies on their compliance journey over the last 12 months.

Many of our clients have voiced concerns over the impact of the legislation on their businesses in recent weeks, sighting the implementation cost in terms of both time and resources and the uncertainty over what compliance actually looks like. After all, the government has offered no approved certification process which would have at least given businesses some piece of mind.

In the absence of such a system, businesses like yours and ours have done their best to understand and interpret the legislation and what it means for recruitment businesses and recruitment websites in particular.

Based on this process of research and consultation with legal professionals, we have made a series of changes to our recruitment websites that we believe ensures our clients’ websites are compliant in the following key areas:

1. Positive opt-in & verifiable consent
2. Right to withdrawal of consent
3. Pseudonymisation of data
4. Data breach reporting protocol
5. Data portability & data access requests
6. Right to erasure of data
7. Cookies consent

In addition to these front-end modifications, we have strengthened our security features behind the scenes which prevent unauthorised access to our client’s data and guard against data leakages and malicious attacks.

We hope this gives some peace of mind to our clients. But for those who are still worried, especially the many small businesses we work with day in, day out, you may take some comfort in the following extracts from the Information Commissioner’s statement on BBC Radio 4’s Today programme this morning.

‘What we have been saying to small businesses, and we have received 60,000 calls in the last month from small businesses getting ready for the GDPR, today is not a deadline. What we are looking for is commitment to move forward with their new obligations, we are not looking for perfection.
It is nonsense to think that the regulator, the ICO, is going to make early examples of small businesses by levying large fines.’

‘We are a proportionate regulator. We are a harms-based regulator, looking at issues that create harm where companies are misusing data. We are watching some of the big players, certainly the big tech companies. Small businesses should not panic. There’s lots of help and if we had a complaint, if there was a data breach and a company came to us, then we would first look at if they were on their compliance journey and they were aware of what they needed to do, that they had safeguards in place to protect personal information.’

No doubt, in the coming months, as the landscape becomes more clear and new information emerges about best practices in relation to GDPR compliance, many companies will tweak their GDPR implementation and I am sure we will be no exception.

Our goal is to work together with our clients to achieve a level of compliance that provides peace of mind all round and most importantly, upholds the rights of individuals to data protection.

We would like to thank all our clients for their support and insights during this journey and we remain ready to listen and respond to questions, concerns and requests that arise post 25th May.

The entire interview with Elizabeth Denham, the Information Commissioner at the ICO, is available to listen to as a podcast on the BBC website for 30 days at https://www.bbc.co.uk/programmes/b0b39v9p.