• 14 February 2018
  • 7 min read

How we prepared our sites for GDPR

  • Matt Farrah
    Nurses.co.uk Co-Founder

In this article I explain what we've done to prepare our job search and application services on Nurses.co.uk and all of our health career sites.

What is GDPR and who should read this?

GDPR (the General Data Protection Regulation) will become law in the UK on 25th May 2018.

GDPR is intended to provide new laws or strengthen existing laws in each EU country to ensure data protection for individuals is robust and consistent across member countries.

In this article I explain what we've done to prepare our job search and application services on Nurses.co.uk and all of our health career sites.

To help me write this, I've pulled in our legal expert, Tracey Wakelam.

She's helped us re-write privacy policies, terms and conditions and ensured we have the correct tick boxes for consent from job seekers.

Recruiting in health and social care?

Find out how Nurses.co.uk can help your recruitment business or hiring campaigns

Find out more

Tracey helped us to realise we don't need to panic... ... and got us to a position of knowledge and preparedness instead.

You might also pick up tips for your recruitment business too so that you can be sure you've prepared for GDPR.

If you process personal data and you work in the jobs space or recruitment marketing - read on!

What did I do first about GDPR?

My first meeting about GDPR was not with a lawyer.

I had read that protection of data would be key.

Since we store CVs (lots of them - and so email addresses, phone numbers) it seemed to make sense to me that this is where we need to be like a fortress.

I met a company that provides analysis of the security of our cyber data - vulnerability tests, penetration tests, that kind of thing.

They make sure you can't be hacked.

Well, actually it's not about ensuring you'll never be hacked.

Ultimately, you can't guarantee that.

That's not the point.

For GDPR generally it's not about 100% cast-iron guarantees.

It's about proving you have put measures in place.

Getting ready for GDPR is a series of hoop jumping.

That's why it's good to start early.

(By the way, now is no longer early - if you've not got cracking, you better get cracking!)

What did I do next?

Next, I called a Data Protection lawyer.

I chose one that was close enough (Exeter) for us to have meetings easily and who sounded nice on the phone.

No point working with someone you don't get on with.

This is a long relationship.

    Read more

    • GDPR Frequently Asked Questions

    • What is Google For Jobs

We've been working with Tracey from Probert Legal ever since.

It occurred to me that other digital and contingency recruiters might find Tracey's insights into GDPR useful.

So, I'm pleased to say that she has kindly laid it all out clearly, just for you!

By way of thanks I would love you to take note of her business and call her if you're interested in using her services!

Tracey Wakelam - www.probertlegal.com

GDPR's 5 key compliance points for job boards

Over to Tracey Wakelam for the low-down on GDPR compliance

1. Consent

This is by far the most important point for job boards like Nurses.co.uk and any business that will rely on the consent of candidates in order to lawfully use their information.

The GDPR has much more stringent rules than the current legislation relating to consent. GDPR requires that consent is "freely given, specific, informed and unambiguous".

This means a candidate applying for a job on Socialcare.co.uk, for instance, must give their information knowing exactly who the organisation is collecting it - and what they will do with the information.

It's also important to ensure to keep records of when the candidate gives their consent.

Oh, and the use of tick boxes is fine, but they must not bepre-ticked!"

2. Retention periods

Consent is not indefinite.

Therefore it is important to ensure that information is only held for as long as necessary for the purpose for which it was collected.

Niche Jobs are in the process of laying down a clear retention policy and ensuring that candidates who do not engage with the organisation after a set period of time are not contacted again.

3. Passing information to recruitment agencies

There are two issues that need to be considered when passing candidate details to any third parties:

i. GDPR requires that candidates know who you will be passing information to. This may seem like a daunting task. But Niche jobs are dealing with this by attaching a list to their website Privacy Policy. The list will evolve over time, with organisations being added and removed.

Recruiting in health and social care?

Find out how Nurses.co.uk can help your recruitment business or hiring campaigns

Find out more

ii. The other issue that Niche is currently tackling is having written contracts with the agencies that requires them to comply with rules in relation to ensuring the security of any candidate information that they receive. I have created for them a new set of terms and conditions for both UK and non-EU countries.

4. Protecting personal information

This is not terribly new.

It's always been a requirement of the Data Protection Act 1998 to ensure that personal information is held safely and securely.

It's just now more important to prove this.

As Matt said above, he's been looking at data security measures to make sure Niche Jobs are compliant with the law.

So long as he documents what he's done to ensure this (and that there's a process in place for the unlikely event of a data security breach).

5. Being aware of the rights of individuals

The GDPR puts new rights in place for individuals.

The Data Protection Act has allowed individuals for many years to request copies of their own information.

GDPR goes a little further.

It has strengthened that right by removing the ability to charge for such requests (unless for multiple copies).

GDPR also adds further rules:

• the right to be forgotten

• the right to rectification of information

• the right to erasure

• the right to prevent automated decision making

• the right to have a copy of the information transferred to a third party

It's unlikely Niche Jobs will receive a lot of these requests.

But they are making sure they have a procedure in place to deal with the request within the timescales laid down in the legislation.

A few handy videos about GDPR

Video: The road to GDPR compliance
9 Steps to prepare you for GDPR
The ICO's video about GDPR

Let me know how you get on.

Get in touch - send a comment!

About the author

  • Matt Farrah
    Nurses.co.uk Co-Founder

I studied English before moving into publishing in the mid 90s. I co-founded Nurses.co.uk in 2008. I’m interested in providing a platform that gives a voice to nurses and those working in care and nursing. I'm fascinated by the career choices we make. In the case of those working in care I've discovered that there's a positive, life-affirming common theme: they do it for love not money.

See all of our RGN jobs

5711 jobs currently available

Search Jobs

  • Matt Farrah
    Nurses.co.uk Co-Founder

About the author

  • Matt Farrah
    Nurses.co.uk Co-Founder

I studied English before moving into publishing in the mid 90s. I co-founded Nurses.co.uk in 2008. I’m interested in providing a platform that gives a voice to nurses and those working in care and nursing. I'm fascinated by the career choices we make. In the case of those working in care I've discovered that there's a positive, life-affirming common theme: they do it for love not money.