The European General Data Protection Regulation (“GDPR”) will come into force on May 25, 2018. Replacing the Data Protection Directive, the GDPR will introduce a privacy framework that will bring about significant changes to the ways that organizations collect and process personal data.
Recruitment and headhunting businesses collect and process personal data as one of their core activities. As a result, the GDPR will impact the way these organizations work and operate. Failure to prepare for the new requirements may lead to high fines and reputational damages.
This Legal Update focuses on three specific key actions that recruitment and headhunting companies should consider when implementing their GDPR compliance project: (i) reviewing the legal basis for processing, (ii) updating privacy notices and (iii) reviewing retention/destruction policies.