This is according to an expert in helping recruitment businesses meet the regulations, despite the ICO (Information Commissioner’s Office) saying it will soften its approach to take into account the exceptional circumstances.

In a statement on its website, the data protection watchdog says: “The ICO recognises the unprecedented challenges we are all facing during the Coronavirus (Covid-19) pandemic.”

In response to organisations’ concerns that their data protection practices might not meet their usual standards, or their response to information rights requests will be longer, the ICO says it will not take regulatory action. “We understand that resources, whether they are finances or people, might be diverted away from usual compliance or information governance work. We won’t penalise organisations that we know need to prioritise other areas or adapt their usual approach during this extraordinary period.

“We can’t extend statutory timescales, but we will tell people through our own communications channels that they may experience understandable delays when making information rights requests during the pandemic.”

Anna Wisdish (pictured), director of Comply GDPR, whose clients are almost exclusively recruitment agencies and executive search firms, told Recruiter that she welcomes the ICO’s statement that it will adopt a sympathetic approach to penalising businesses during the pandemic, but recruitment businesses and executive search firms “will still need to comply with GDPR and meet their obligations to keep personal data secure”.

Wisdish says among the data protection measures recruitment businesses should consider are:

• Provide staff with the guidance, tools and resources they need for homeworking – for example, online access to documents and secure apps for using your recruitment database via Smartphone or tablet.
• Keep regular proactive communications with staff so that they can continue to seek your guidance and ask advice from colleagues.
• Document and assess the risks that come from employees working from home or other changes to your day to day business and take action to address them.
• Remind employees of your company policies and procedures for GDPR, eg. for protecting personal data and for data breaches, and ensure they have had recent relevant training.
• Update your ‘Bring your own device’ policy to give clear guidance to employees if you will be asking them to use their own personal devices.
• If you need to collect additional personal data, such as whether an employee suspects having coronavirus, do it confidentially and keep both the amount of data and how long you keep it to a minimum.

• Comment below on this story. You can also tweet us to tell us your thoughts or share this story with a friend. Our editorial email is [email protected]