The recent prosecution and fine of HomeServe Membership Ltd’s recruitment manager should serve as a warning to all companies about the potential consequences of employees illegally sharing personal data that they have access to as part of their job.
The case highlighted the illegal disclosure of 26 job applicants’ CVs by the employed recruitment manager to a third party recruitment agency containing the personal data of applicants seeking employment with HomeServe, where there was no business need to do so.
HomeServe was alerted to the suspicious activity when it discovered that some candidates who had already applied for jobs directly were subsequently also submitted as applicants by a third party agency.
The case highlights two important issues; the first is the need for employers to ensure that their staff are aware of what information, held about candidates, is permissible to share under data protection legislation, especially with the GDPR regulations coming into force in May 2018.
To help ensure recruiters are prepared for the new data protection legislation Lawspeed is hosting GDPR and Data Protection Compliance seminars on the 10th and 12th October 2017. Set in the context of both recruitment and employment, our specialists will deal with the ‘what, the why and the how’, with attendees learning about the areas of operation affected, processes to follow, and types of documentation to use.
The second issue raised is how confident are you that your contacts and business information are secure and how easy would it be for your employees to steal them, poach your staff or set up in competition with you?
As specialists in recruitment and employment law, Lawspeed is ideally placed to advise your recruitment business. Our employment contract review service makes sure that you have appropriate protection built into your employment contracts, which will restrict a departing employee from soliciting clients, poaching your key staff and agency workers, using information held on your CRM system or competing with your business, and which alerts them to their obligations under data protection legislation.