GDPR in Recruitment

An insight into how Hiring Hub is tackling the GDPR elephant in the room before the looming May 2018 deadline.

Hiring Hub’s CTO, Anna Dick, was invited to join a panel of experts at Business Cloud’s recent GDPR breakfast event in Manchester. See what she had to say below along with a wider view on how Hiring Hub is tackling the GDPR elephant in the room before the looming May 2018 deadline.

Anna, you’ve very recently joined Hiring Hub in Manchester as Chief Technology Officer. Tell us what the business does.

Hiring Hub connects companies to reviewed and rated recruitment agencies through an online marketplace.

We’ve been talking about the fears around GDPR and the ‘head in the sand’ attitude from some people. Are you worried about GDPR?

I wouldn’t say we are worried, but we are taking GDPR very seriously. Just yesterday we had our first board meeting since our recent investment, and already we’re putting forward recommendations in terms of further investment in this area. We’re a small business and we’re looking at how we mature, so security is a big question for us in all aspects and GDPR was a big talking point around this.

Hiring Hub isn’t a recruiter but provides a platform to support recruiters. Presumably you store a lot of personal data. How do you make sure you protect data and comply with GDPR?

Obviously, we do connect and we make those relationships happen, so, we do end up storing that data. We know we must make sure it’s as secure as it needs to be, that the right people have access and the right access privileges are in place for those people.

So yes, we’re trying to understand where our data is, what systems are plugged in, who accesses it, why they access it, do they need to access it. You know when you mature from a small organisation, you might have one person who’s doing five different roles, but we’re now growing fast so we’ve got more people involved and we just need to ensure we’re compliant and create that segregation. We’re introducing a new Security Policy to give the team and any contractors clear procedures to follow, and working with an independent cyber security expert to help us carry out a full audit to identify any potential gaps we need to address in our product roadmap before the GDPR deadline.

What’s the biggest challenge facing you when it comes to GDPR compliance?

It might be cultural. I think it’s great that GDPR has got everyone talking about data. It’s a topic of conversation now, whereas before it was perhaps an afterthought. The fact that companies across the UK are asking questions about the data they’re housing, and how secure it is, and whether they should really have it or not, etc, is powerful. It’s actually altered how we look at data, or think about it: we view it not as “data’ but as ‘people’. Which makes it more personal. More human.

How important is staff training and awareness within the company?

Significant. Although “training” is not necessarily the route we’re taking as relatively small business still (20-odd people). it’s more about raising awareness and education.

What cyber security measures are you taking to make sure that your data is more secure?

We’re introducing a new Security Policy, to give the team and contractors et al a sense of procedures, etc. Beyond this, we’re reviewing everything. Both as an internal team, whilst also bringing in an independent cyber security expert to undertake an audit and help us understand where the potential gaps in knowledge, processes or procedures are so we can address anything urgent, and then plan other improvements within our product roadmap. The challenge for companies like Hiring Hub is always the balance of investing what precious resources you have into things that are necessary, but aren’t really going to drive revenue or user growth, versus deploying those resources against growth to hit the next funding milestone. It’s something that we wrestle with and collaboratively hold the tension so that, hopefully, we strike the right balance.