by Paul MacKenzie-Cummins, editor and managing director at ClearlyPR
May 25th is a date that is forever etched in my mind. It is the day of the Miracle in Istanbul – perhaps the most incredible footballing comeback the game has ever witnessed.
As an avid Liverpool fan stood in a tightly packed pub in the city’s centre watching my beloved team take a hammering before overturning a three-goal deficit to beat AC Milan and lift their fifth European Cup, that night was one of the greatest experiences I have ever had. Now another momentous occasion will take place on that date, this time it will be in 2018 and the emotion attached will be less euphoria and more fear. We’re talking GDPR (General Data Protection Regulation).
The fear is that under GDPR, the way recruiters collect and use personal data will become very complicated. How can it be collated? Who can have access to it? How long can it be held for? And, more important, who has control of it?
The theory is that the ownership of personal data is a fundamental right, but as The Economist reminds us and rightly so – “in practice people have long since lost the use of their data, particularly online.”
Indeed, to access most social media and apps, personal data must be shared. Under GDPR, however, control over the use of that data is put firmly back into the hands of the individual.
GDPR isn’t something that was developed on a whim. The process involved all 28 members of the EU (soon to be 27 of course) and five years before agreement was reached, and the bones of it are this:
- Express permission must be sought to obtain and retain personal data
- It must be freely given, but things such as being handed a business card by someone at a networking event does not constitute permission granted to hold their data
- It has to be “unambiguous” and for “specific” purposes, so statements such as ‘your data will be used to help us improve our services’ will no longer suffice
- People have the “right to be forgotten” and can demand that their data is removed from an organisation’s database
- If found to be in breach of the new regulation, organisations face up to $20m in fines, or 4% of global annual sales, whichever is greater
Many SMEs and recruitment business leaders have warned that GDPR could force them out of business; after all, they have spent time and money developing a database that is a primary source of driving new business enquiries as well as engaging with current and lapsed clients. Now they will have to obtain express permission to retain an individual’s data because without doing so, they are obligated to remove it immediately.
So, is GDPR being overly ambitious? Will it damage the UK economy at a time when Brexit and rising interest rates are increasingly its vulnerability? Could this see the UK and the rest of Europe at a competitive disadvantage compared to the US, whose privacy laws are more relaxed?
The Times has proven that great content boosts customer loyalty – if the content you spew out is crap, then they’ll cut you off in an instant.
There are many more questions than there are answers, and the reality is that GDPR will be a messy affair over the first few years as recruitment agencies struggle to get to grips with it. My view is that the architects of GDPR got it arse-about-face. Instead of focusing on regulating the collection of data, they should have concerned themselves more with how that data is used. But, can GDPR be sidestepped?
No, not a chance. However, by looking at the way in which The Times has brilliantly overcome the initial set-backs that resulted when it introduced a paywall to its online version, it is clear that the consistent delivery of content that is
- entertaining and
will ensure that those clients who are genuinely interested in doing business with your agency will stay with you. If the content you spew out is crap, then they’ll cut you off in an instant.