GDPR and how this affects you, HR and recruitment – globally

Written by: Leonie Pentz, VP EMEA AIMS International, Managing Partner AIMS South Africa

With the 25th of May creeping closer, everyone is talking about Privacy, the General Data Protection Regulation (GDPR) and how this new legislation is affecting business and, very importantly, what should change in how we manage personal information. Talking to Elizabeth de Stadler, plain language and privacy law expert and Author of “A Guide to the Protection of Personal Information Act” about what our Clients and AIMS Partners should be aware of and what actions we should take to prepare for this new legislation, Elizabeth makes the following very important point; “We firmly believe that good data management is crucial, regardless of whether legislation compels organisations to take it seriously…”

It is important to remember that GDPR will not only have relevance in the countries where this legislation originates. For example: if an Indian company has an office or subsidiary in any EU country, the subsidiaries (and possibly even the whole group of companies) will also have to be compliant. To boot, in the case of a South African branch of a German head quartered business, you will have to be both POPIA (Protection of Personal Information Act) and GDPR compliant. The good news is that if you comply to GDPR, chances are that you will also be compliant to the POPIA and certainly most privacy and information legislation laws globally. Even if your company has no presence in the EU, but you offer goods or services to EU citizens, you most definitely need to comply to GDPR as well. You are also not off the hook if you have a distribution agent or even a postal address in the EU.

Where does one start? Elizabeth says it starts with “Knowing your information: Document what personal data your organization holds, where it came from and who you share it with. In other words, organisations should do a personal data audit”
Most people I speak to focus on client information. However, the most vulnerable is certainly your own employees’ information. Your company has personal information about each and every employee; their bank details, even family and health information; HIV status, doctor’s diagnoses, medical insurance details. The list is legion. Taking control of where you keep this information and who has access to it is a good start. The golden rule is to have as little information as possible. If you do not need it, destroy it. If you do not need to share it, don’t.

When it comes to recruitment processes, the same rules apply. Applicants often over-share in the excitement to land their dream job. Only keep the information that is necessary. Get rid of applicant information of unsuccessful applicants as soon as you can (you may want to keep it for the window period within which unsuccessful applicants can object). If you have a career website, the ideal is for applicants to manage their own information via an applications platform, because then you can safely assume that the information is up to date and accurate. Ensure the information is hosted on the cloud with a reputable hosting company in Europe where privacy laws are strict. Monitor how many people in your business have access to a new employee’s information – from the HR manager doing the initial interview through to the director’s office and the data capture officer who inputs the successful incumbent’s personal data on to your payroll system. How many times did you print this information? What happens to these hard copies…?

This brings us to your own personal information. Elizabeth is a firm believer that, once you train individuals on how to protect their own information, everyone will be more sensitive when it comes to handling other people’s private information. Identification theft is a reality. Ensure that you know your rights when it comes to who you share your information with. For example, when completing info to do a bit of online shopping, those boxes forcing you to “receive our newsletter” or “share your info for marketing purposes” and do not allow you to complete your transaction otherwise – don’t do it! The new legislation focusing on protection of all our personal information will hopefully result in all of us knowing our rights a little bit better and feeling a little more secure in this world of digital data convergence.

AIMS International
Leonie Pentz, VP EMEA AIMS International, Managing Partner AIMS South Africa
Elizabeth de Stadler
Novation Consulting (Pty) Ltd

AIMS INTERNATIONAL DISCUSS HOW DIGITAL INNOVATION AND INTEGRATION AFFECTS HUMAN CAPITAL STRATEGY AT RECENT AGM IN NEW DELHI

HOW THE INTERNET OF THINGS ( IOT ) IS IMPACTING THE LIFE SCIENCES INDUSTRY

1. BLOCKCHAIN – HOW THIS TECHNOLOGY COULD REVOLUTIONIZE FINANCE

HOW CAN HR STAY RELEVANT?

THE FUNDAMENTAL DIFFERENCES BETWEEN A ‘HEAD HUNTER’ AND A REAL EXECUTIVE SEARCH CONSULTANT

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
JSESSIONID	session	Used by sites written in JSP. General purpose platform session cookies that are used to maintain users' state across page requests.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
language	1 year	This cookie is used to store the language preference of the user.
lang_mismatch	1 year	This cookie is used to store if the language preference of the user match the language on the system.
PHPSESSID	session	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
_GRECAPTCHA	5 months 27 days	This cookie is set by Google. In addition to certain standard Google cookies, reCAPTCHA sets a necessary cookie (_GRECAPTCHA) when executed for the purpose of providing its risk analysis.
__cfduid	1 month	The cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.

Cookie	Duration	Description
bcookie	2 years	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
lidc	1 day	This cookie is set by LinkedIn and used for routing.
li_gc	2 years	No description
ugid	1 year	This cookie is set by the provider Unsplash. This cookie is used for enabling the video content on the website.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat	1 minute	This cookies is installed by Google Universal Analytics to throttle the request rate to limit the colllection of data on high traffic sites.
_gat_gtag_UA_87811181_3	1 minute	No description
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.

Cookie	Duration	Description
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
NID	6 months	This cookie is used to a profile based on user's interest and display personalized ads to the users.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.

Cookie	Duration	Description
CONSENT	16 years 8 months 9 days 4 hours	No description
fstvisit	1 year	First Visit on the website
visited		Confirm you've already visited the website