You are using an outdated browser. For a faster, safer browsing experience, upgrade for free today.

GDPR and what it will mean for recruitment agencies

Thursday 1st March 2018

Sterling - GDPR and what it will mean for recruitment agencies

May 25th 2018 will bring with it a brand new era of data protection for businesses across Europe, as the General Data Protection Regulations come into force. Time to prepare is fast running out, and therefore agencies must not only ensure that their systems and processes comply with the regulations but also that they are using suppliers who are compliant with GDPR.

That being said, if your agency already endeavours to comply to the current Data Protection Act (DPA), then any changes necessary will be minimal. GDPR aims to provide comprehensive and consistent regulations across EU member states; the UK will still comply to these regulations post Brexit.

In its basic form, GDPR is looking for much more transparency by businesses in informing individuals how their data will be collected, used and stored. However, the processes for which each of these is carried out should be carefully considered and above all protected from outside threats, such as cyber attacks.


Gaining consent from candidates will now be much trickier, as consent must be granted for each purpose of using an individual’s data. For example, if consent is granted to use data when applying for a role, but then this data is also used to market new roles; in this case consent would be required for both purposes.

Implied consent (i.e. a pre-ticked opt-in box) will no longer be acceptable under GDPR. Candidates must actively tick a box to agree for their data to be used and stored by the recruitment agency. In addition to this, an agency must provide precise guidance on how they can withdraw or amend their consent. With regards to consent and data, a detailed paper trail must be stored to highlight when consent was given, for what purpose and how the data will be stored.

Storing data

One of the main objectives of GDPR is to improve how securely data is stored. This comes as a result of numerous high profile data breaches over the past few years. Ultimately data must be protected adequately and therefore agencies must ensure their cyber security procedures are effective, and that they have the knowledge of what to do in cases of data breach.

In addition to this, agencies will find significant benefit from ensuring that businesses on their preferred supplier list also have strict procedures in place to ensure compliance with GDPR. Particularly for umbrella and agency business relationships, effective compliance with these regulations will ensure that contractor data is sufficiently protected as well as ensuring contractors are happy with the way in which their data is used.

For more information on GDPR take a look through the Information Commissioner’s Office comprehensive guidance.

The team at Sterling have spent the last few months assessing our data protection procedures to ensure that they comply explicitly with GDPR. We have invested a great deal of time in doing this to reassure both our recruitment agency partners and contractors that we take data protection seriously and that we are fully compliant with these new regulations in preparation for 25th May 2018.

Download our useful guide to GDPR here.

Previous resource Next resource