GDPR: Impact on the Executive Search and Recruitment Industry
Mercuri Urval is an Executive Search, Professional Recruitment and Talent Advisory firm. Due to the nature of our business, the protection of personal data has always been a focus area for us. As a client or candidate you can be sure that all personal data is safe with us and handled with the greatest care. Mercuri Urval has a large team of international experts working with GDPR and compliance with GDPR.
Meet our Data Protection Officer
Lene Juul has worked with data protection within Executive Search and Recruitment for more than 20 years. With an extensive knowledge of Mercuri Urval operations, she is the Group Data Protection Officer since 2017.
"I really like working with Data Protection Legislation, and I have worked with the topic for more than 20 years. With the new GDPR, the question has resurfaced at the top of the agenda for our clients and for us, and it is very exciting. Above all, from my perspective, treating data legislation on an international, rather than national level opens up so many opportunities. It is great. Also, for our candidates it means that their rights are better protected in the digital world."
How will GDPR impact you as a client or candidate?
Mercuri Urval sees GDPR as an opportunity to strengthen the relationship and trust with our candidates and clients. Also, it fits well with our strategic direction to offer a One Company Delivery of Executive Search, Professional Recruitment and Talent Advisory worldwide - it creates yet another platform for One Company thinking.
A dedicated project team including the DPO is working on preparing our company for GDPR compliance, which includes enhancements in a lot of areas including:
- Updating client contracts and Data Processing Agreements
Data Processing Agreements (DPAs) must be in place between data controllers and data processors ensuring that clear instructions are agreed upon. This means updating DPAs with Mercuri Urval's suppliers as well as updating contracts with our clients. We must clarify our responsibilities.
- Updating Consents
When you as a candidate apply for a position with us or participate in an assessment programme, our processing of your data is based on consent. We are currently rewriting our consents to match the demands in GDPR aiming for consents in an intelligible and easily accessible form, in clear and plain language.
- Detailed written record of all personal data processing activities
The GDPR requires that we keep detailed records of all personal data processing. Therefore, our project team is working closely with colleagues in Mercuri Urval's offices throughout Europe documenting everything we do – from A-Z. For us, a positive side effect of GDPR is homogenous processing of personal data for all offices within Mercuri Urval.
- Updating IT systems
We are reviewing all IT systems to make sure that we continue to keep our candidates' and clients' data safe. Changes are being done to enable us to comply with the GDPR demands relating to data subject rights – for instance the right to restriction of processing, the right to erasure, the right to data portability, etc.
- Training, continued awareness - and audits
Creating guidelines and new routines is not enough. We have to make sure that all Mercuri Urval employees are constantly living up to the high standards of data protection that we as a company are aiming for. Data protection must "live" inside Mercuri Urval. This means ongoing training and constant attention to data protection issues throughout our organisation.
This is of course, already in place with regards to the current local data protection legislation, but in light of GDPR this now becomes a centralised standardised process for all Mercuri Urval countries, also outside Europe.
To support this our DPO will perform audits on a regular basis in Mercuri Urval's offices in Europe and beyond to monitor compliance with GDPR, raising awareness and training staff involved in processing operations.
Your rights as a candidate with us
For Mercuri Urval it is of great importance that we create trustful relationships with candidates, protect their integrity and give them control of their personal data. As from 25 May 2018, GDPR grants extended rights for you as a person (data subject). You can read more here.
To exercise your rights, please contact our DPO on: firstname.lastname@example.org