Understanding Talent Acquisition in a World of Data Regulation
Effective recruitment is not just about filling vacancies but has an impact on organizational issues, such as future skills development, organizational performance, and employer brand.
Research from Accenture suggests that business success will depend on ongoing collaboration between people and technology, to drive efficiencies and innovation: “In the age of artificial intelligence (AI), business success will increasingly depend on people and machines collaborating with each other”.
With competition for top talent likely to increase over the next few years, as a result of the UK’s decision to leave the EU, makes it essential to build a recruitment strategy that allows you to ensure you’re hiring the right people for the right jobs with a robust talent management system.
Good data management is essential in fitting the right people for the right jobs within an organization. The management of employee data must be communicated in a transparent manner, along with the reasons for collecting and holding some information. At 10Eighty we believe that HR professionals are best equipped to lead by example and demonstrate to other departments how data should be handled following the introduction of GDPR.
The GDPR regulations mean that recruitment and hiring professionals must be transparent in their use of automation for hiring decisions and sharing the data gathered during as part of recruitment processes. Consent from candidates to use automated processes and machine learning should be obtained and a system that affords a centralized candidate management system will help to facilitate the process.
HR and data regulation
The management of employee data is a key element for GDPR compliance, but it’s essential that organizations also think about the data they hold on job applicants.
HR is usually responsible for holding employee and candidate personal data and they should be aware that the new GDPR regulations say the organization should only collect data for “specified, explicit and legitimate purposes.” So, for example, when you source candidate data you should ensure you collect only the job-related information needed at each stage of the process. It is important to realize that conditions for consent have been strengthened so consent that was obtained as part of the terms and conditions of employment contracts may no longer suffice.
The organization must specifically ask for consent when processing data like disability information, cultural, genetic or biometric information or information gathered for a background check. You must ask for consent in a clear and intelligible way and offer candidates clear instructions as to how to withdraw their consent should they wish to do so.
The CIPD says the new rules are intended to meet the needs of a digital age and require a change in organizational attitude towards data privacy. HR has a crucial role to play in achieving the new goal of data protection by design and default.
Your starter for 10:
Begin by identifying
- the personal and sensitive personal data obtained from employees
- how and where data is stored, accessed and used, and the legal basis for collecting, storing and processing it
- what data is shared with third parties
- what kind of monitoring of employees takes place and where.
Then design an action plan to review policies, processes, and documentation in order to establish what is required, what training and support are needed in order to demonstrate compliance. You need to review how the organization collects, holds and processes personal data, as well communication with individuals about those activities.
Employees will be able to ask what HR-related personal data is being processed, why it is being used and where it is held. HR must provide a free copy of any data that it holds on request, so the organization needs systems that allow ready access to the data.
The GDPR regulations are designed to bring about a culture shift and HR have a key role in helping the organization to develop a practical approach to the implementation of GDPR compliant strategies.