Wednesday, 23 August 2017

GDPR in Recruitment – 7 Top Tips for Compliance (Part 2)

In my previous blog, I shared the first 3 of my 7 top tips for GDPR compliance for recruitment agencies.

With the Digital Minister, Matt Hancock, having now formally announced the new Data Protection Bill, which will enshrine the GDPR into UK law and prepare the UK, from a data protection perspective, for life after Brexit, I thought it would be useful today to share a further 4 tips on preparing your recruitment agency for GDPR:

1. Put together a new or updated data protection policy and train employees on it.

This is important because everyone in your organisation needs to understand their obligations under GDPR and how to comply with them fully. It takes only one employee who does not fully understand their obligations for something like a data breach to occur, which under GDPR has the potential to result in crippling fines and reputational damage to the agency. One area where I am often asked for advice is BYOD (Bring Your Own Device) policies, where employees may be storing copies of the agency’s data or emails on their own laptops or smartphones. Such devices may not adhere to the agency’s security policies, so policies on protecting data in this situation need especially careful handling. Please feel free to contact me if you need advice on this subject.

2. Put in place processes for ongoing education for all members of staff around cyber security and data protection.

Because the cyber security landscape is constantly changing, it is very important that employees are kept up to date with best practice around security and data protection. To help with this, we have put together a free staff training document, “Best Security Practices for Staying Safe Online”; to request a copy please email me at

3. Review Your Backup and Disaster Recovery procedures.

GDPR imposes an obligation to look after the personal data of candidates, clients and employees that is entrusted to your agency. This includes backing it up so that in the event of an IT problem, data corruption, a natural disaster or a cyber attack you have backups from which you can accurately restore that data in a timely fashion. As a minimum, I would suggest backing up your data daily, but in reality most agencies are now looking at much more frequent backups – in some cases as often as every 15 minutes, or via real-time replication.

You can read more about good practice around data backups and recovery procedures in my blog “Preparing Your Recruitment Agency for GDPR: Data Backup and Recovery” [link to]
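A backup is only useful if it can actually be restored intact, so the check a practitioner would add to the advice above is a routine test restore. The following is an added example, not code from the original post or from Xara Computers: it archives a folder with a SHA-256 manifest, restores the archive into scratch space and compares every file against the manifest, and prunes archives beyond a retention count. The folder layout, file names and timestamps in `demo()` are constructed sample data.

```python
"""Backup, test-restore and prune helper (added example, not from the original post).

Creates a timestamped tar.gz of a folder together with a SHA-256 manifest,
restores the archive into a scratch directory to prove it comes back intact,
and deletes archives beyond a retention count.
"""
import hashlib
import json
import tarfile
import tempfile
import time
from pathlib import Path


def sha256_file(path):
    """Stream a file through SHA-256 so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(str(path), "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(directory):
    """Map every file under `directory` (relative POSIX path) to its SHA-256."""
    directory = Path(directory)
    return {
        path.relative_to(directory).as_posix(): sha256_file(path)
        for path in sorted(directory.rglob("*"))
        if path.is_file()
    }


def manifest_path(archive):
    """backup-<stamp>.tar.gz -> backup-<stamp>.manifest.json (same folder)."""
    archive = Path(archive)
    return archive.with_name(archive.name[: -len(".tar.gz")] + ".manifest.json")


def create_backup(source_dir, backup_dir, timestamp=None):
    """Write the archive and its manifest; return the archive path."""
    backup_dir = Path(backup_dir)
    backup_dir.mkdir(parents=True, exist_ok=True)
    stamp = timestamp or time.strftime("%Y%m%dT%H%M%SZ", time.gmtime())
    archive = backup_dir / f"backup-{stamp}.tar.gz"
    manifest = build_manifest(source_dir)  # hash the live data before archiving it
    with tarfile.open(str(archive), "w:gz") as tar:
        tar.add(str(source_dir), arcname=".")
    manifest_path(archive).write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return archive


def _safe_members(tar, dest):
    """Refuse entries that would extract outside `dest` (e.g. '../x' or absolute paths)."""
    dest = Path(dest).resolve()
    for member in tar.getmembers():
        target = (dest / member.name).resolve()
        if target != dest and dest not in target.parents:
            raise ValueError(f"unsafe path in archive: {member.name}")
        yield member


def verify_restore(archive):
    """Test-restore into scratch space and compare with the manifest.

    Returns the sorted list of relative paths that are missing, unexpected or
    changed; an empty list means the archive restores exactly.
    """
    expected = json.loads(manifest_path(archive).read_text())
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(str(archive), "r:gz") as tar:
            tar.extractall(scratch, members=_safe_members(tar, scratch))
        actual = build_manifest(scratch)
    problems = {p for p in expected if actual.get(p) != expected[p]}
    problems |= {p for p in actual if p not in expected}
    return sorted(problems)


def prune_backups(backup_dir, keep):
    """Delete all but the newest `keep` archive/manifest pairs; return deleted names."""
    archives = sorted(Path(backup_dir).glob("backup-*.tar.gz"))  # names sort by timestamp
    removed = []
    for old in archives[: max(len(archives) - keep, 0)]:
        manifest_path(old).unlink(missing_ok=True)
        old.unlink()
        removed.append(old.name)
    return removed


def demo():
    """Run the full cycle on constructed sample data and return a summary."""
    with tempfile.TemporaryDirectory() as work:
        src = Path(work) / "candidates"  # constructed sample folder
        (src / "notes").mkdir(parents=True)
        (src / "cv-0001.txt").write_text("constructed sample CV text\n")
        (src / "notes" / "interview.txt").write_text("constructed interview notes\n")
        store = Path(work) / "backups"
        archives = [create_backup(src, store, timestamp=f"20170823T0{i}0000Z") for i in range(3)]
        clean = all(verify_restore(a) == [] for a in archives)
        # Simulate silent corruption: the newest manifest no longer matches the archive.
        mp = manifest_path(archives[-1])
        bad = json.loads(mp.read_text())
        bad["cv-0001.txt"] = "0" * 64
        mp.write_text(json.dumps(bad))
        detected = verify_restore(archives[-1])
        removed = prune_backups(store, keep=2)
        return {
            "all_restored_clean": clean,
            "corruption_detected": detected,
            "removed": removed,
            "remaining": len(list(store.glob("backup-*.tar.gz"))),
        }


if __name__ == "__main__":
    print(demo())
```

Running `verify_restore` on a schedule (rather than only at backup time) is what turns "we take backups" into evidence that data can be restored; the retention count is a placeholder and should follow the agency's own policy.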

4. Create a breach notification plan. 

This is important because if the worst should happen and you do experience a data breach under GDPR, you need a clear plan to deal with it and to communicate it as smoothly and accurately as possible, with the least possible damage to your agency.

If you are concerned about your agency’s GDPR compliance position, please do not hesitate to contact me, or my colleague Andrew Banning, on 0208 732 5656 or email us on or and we will be happy to arrange a no-obligation conference call or meeting.

Xara Computers’ flagship product, the XC360 for Recruitment private cloud platform, provides recruitment agencies with a fully managed, highly secure, UK-based remote desktop running all of their own agency’s software. This allows fee earners to work and collaborate in real time, from any location, using any computer, laptop or tablet, safe in the knowledge that their confidential client and candidate data is centralised and secure. For more information please visit our website
