News

As you’ve no doubt noticed, data protection laws are changing this week. The General Data Protection Regulation (GDPR) comes into force on Friday and businesses all over the country (and beyond) are making their final preparations.

If you’re a recruiter with contractors working through Key Portfolio, I know you’ll be interested in our readiness for the new regulation. I’m happy to confirm that we’re now compliant with the GDPR and wanted to talk you through some of the work we’ve done to get there:

• We established that in all circumstances, we are a data controller.

• Our staff all completed our GDPR training programme. Everyone in our business now has a broad understanding of the GDPR and their responsibilities, as well as specific knowledge of how it affects their own job.

• We wrote a transparent, comprehensive new privacy policy that meets the standard required for GDPR. It confirms our lawful basis for each type of data processing that we do.

• Our privacy policy includes a list of all the data that we’d ever share with a recruitment agency about a candidate. It accounts for things like IRR reports, new start and leavers reports, updating you on the status of referrals and providing information for your compliance checks.

• To give people more control over the type of emails we send them, we launched our new supply teacher life and world of contracting newsletters. We’d love you to join!

• We produced guidance for recruiters on what we think their lawful basis would be for sharing candidate information with umbrella providers.

• We built a secure portal that recruiters can log into and upload files directly to our servers, should they prefer to do so. You can use this for payroll instructions, ID and anything else you ever need to send us. Please contact us to request access.

• We ensured that all of our data processors will be complying with the GDPR from 25th May. In particular, we made sure that when we transfer data to a processor who is based outside the EEA (such as our email marketing platform), the relevant protections are in place to allow us to do so in compliance with GDPR. We put GDPR-compliant contracts in place with our data processors.

• We reviewed and strengthened the measures we have in place to keep data secure.

• We added more privacy information to all of our forms (including our registration form) to increase transparency.

Despite the effort involved, preparing for GDPR has been a positive process overall.

The new regulation protects each of us as individuals, because it stops companies using our personal data in a way that we’re unhappy with, or didn’t even know about. It also puts a responsibility on these companies to keep any data they hold about us up-to-date and secure.

These principles fall very much in line with our own values, and so we’ve seen it as an opportunity to improve our customer experience and increase trust.

If you have any questions, need anything from us or just want to share ideas and challenges, I’d be happy to jump on a call with you. Drop me an email to gary.smith@key.co.com and I’ll set it up.