GDPR – a subtle acronym with the power to drive intense fear into recruitment agency leaders everywhere. The General Data Protection Regulation goes into effect on 25 May 2018 and requires companies operating with the European Union to adhere to a set of data privacy protections and reporting requirements around personal information. The necessitation of documentation, process improvement, and transparency around personal data is especially resource-intensive for recruitment firms who answer to two disparate sets of stakeholders: customers and candidates. In this RIX Q&A, Dieter Braspennincx of ParkLane Insight – responsible for his organisation’s GDPR compliance, takes a refreshing point of view on the looming deadline. In Dieter’s eyes, GDPR is not a challenge, it is a profound opportunity for process improvement and organisational betterment.
RIX: With the GDPR deadline quickly approaching, what are your biggest outstanding concerns?
Dieter Braspennincx: The biggest challenges linked to the GDPR legislation are not the policy-making, the setup of new processes, the adjustment of existing processes, or the fulfillment of the documentation requirements. GDPR requires a mindshift of the entire organisation, and prioritising change management to create awareness within the company is the most challenging aspect. May 25th 2018 is only the beginning: compliance will be a continuous process.
RIX: What are the critical areas that you are confident you’ve prepared for already?
DB: Since we have been anticipating the rollout of GDPR legislation since the end of 2015, we are confident we will meet the initial requirements set within the regulations in the coming months. After that, we have defined and articulated our long-term ambitions, culminating in an action plan to meet our GDPR goals. Again, May 25th of 2018 is only a starting point.
RIX: Given the regulatory environment within mainland Europe being as it currently is, was your approach significantly different in terms of documentation?
DB: Within GDPR legislation, it is legally required to provide both an overview of all the personal data stored with the organisation and an overview of the all data management processes regarding said personal data. Next to that, the burden of proof lies with the organisation, so part of the initial requirements for GDPR compliance, effective May 25th of 2018, include setting up this foundational documentation.
RIX: Are there positives you can point to from the experience of preparing for GDPR? How will this help your company in the future?
DB: Although GDPR legislation is often viewed as a burden, it shouldn’t be. The regulation actually creates opportunities to improve data quality and to boost process efficiency and automation. Organisations will benefit from these indirect results of GDPR in the short and long term because they will be able to execute processes more quickly and more effectively.
RIX: As you think about doing business post-GDPR, are there new issues, processes, and/or regulations on the horizon on which you’re already focusing?
DB: As mentioned earlier, May 25th of 2018 is only the starting point. This will be the beginning of an interesting and eye-opening journey in which authorities and organisations discover the full and myriad implications of GDPR legislation, leading in turn to new insights and further fine-tuning of the regulation itself.