GDPR compliance for recruiters still holds true at home

Recruiters will still need to comply with GDPR during the coronavirus pandemic.

This is according to an expert in helping recruitment businesses meet the regulations, despite the ICO (Information Commissioner’s Office) saying it will soften its approach to take into account the exceptional circumstances.

In a statement on its website, the data protection watchdog says: “The ICO recognises the unprecedented challenges we are all facing during the Coronavirus (Covid-19) pandemic.”

In response to organisations’ concerns that their data protection practices might not meet their usual standards, or their response to information rights requests will be longer, the ICO says it will not take regulatory action. “We understand that resources, whether they are finances or people, might be diverted away from usual compliance or information governance work. We won’t penalise organisations that we know need to prioritise other areas or adapt their usual approach during this extraordinary period.

“We can’t extend statutory timescales, but we will tell people through our own communications channels that they may experience understandable delays when making information rights requests during the pandemic.”

Anna Wisdish (pictured), director of Comply GDPR, whose clients are almost exclusively recruitment agencies and executive search firms, told Recruiter that she welcomes the ICO’s statement that it will adopt a sympathetic approach to penalising businesses during the pandemic, but recruitment businesses and executive search firms “will still need to comply with GDPR and meet their obligations to keep personal data secure”.

Wisdish says among the data protection measures recruitment businesses should consider are:

  • Provide staff with the guidance, tools and resources they need for homeworking – for example, online access to documents and secure apps for using your recruitment database via Smartphone or tablet.
  • Keep regular proactive communications with staff so that they can continue to seek your guidance and ask advice from colleagues.
  • Document and assess the risks that come from employees working from home or other changes to your day to day business and take action to address them.
  • Remind employees of your company policies and procedures for GDPR, eg. for protecting personal data and for data breaches, and ensure they have had recent relevant training.
  • Update your ‘Bring your own device’ policy to give clear guidance to employees if you will be asking them to use their own personal devices.
  • If you need to collect additional personal data, such as whether an employee suspects having coronavirus, do it confidentially and keep both the amount of data and how long you keep it to a minimum.

• Comment below on this story. You can also tweet us to tell us your thoughts or share this story with a friend. Our editorial email is [email protected]

Skill-based hiring can have ugly consequences – what can go wrong?

Skill-based hiring (SBH) is a hiring strategy that focuses on recruiting and selecting candidates based primarily on their demonstrated ability to perform each skill required for the position.

2 May 2025

Elite Leaders appoints new Executive Team member

Elite Leaders is delighted to announce the appointment of Chris O’Connell to its Executive team.

People 1 May 2025

Humly acquires London-based education recruiter

Digital education recruitment platform Humly has finalised the purchase of London-based supply agency Future Education.

Contracts 1 May 2025

HMRC to ‘revise’ IR35 CEST tool

The government has announced that its Check Employment Status for Tax (CEST) tool will be “revised” from today [30 April 2025].

Legislation 30 April 2025
Top