Good Data Practice Rules OK!

By on May 23, 2018 in

10 facts as a consumer you should know.

If decency, respect and accountability were a required feature of all service firms, in particular those that hold personal data, GDPR may never have been necessary. While often regarded as a systems matter, GDPR is really about behaviour and practice at organisational and individual levels. While IT systems enable many of the transgressions that have led to GDPR, it is human behaviour that ultimately needs to change.

GDPR is an important reminder to all firms who share data as part of their processes, that they must behave appropriately and look after sensitive information. While this includes the security of personal data, it is around how data is used and kept accurate that will impact most people. If GDPR is about anything, it is about the culture and maturity of an organisation. It encompasses those daily processes and procedures that are in place and consistently adhered to. Good practice data control means, that the person on whom data is held, remains the exclusive owner of that data. It must only be used with their expressed permission.

Many of us who have been involved in developing GDPR policy and practice for our companies are extremely familiar with the content of GDPR and privacy policies in general. However, as with Terms of Business presented online, some people may not have had the chance to read these in full, so we are setting out here 10 commitments to our management of your data. While bound by legislation, this is simply the respectful management of your data and the minimum you should expect from all firms.

  1. We will ensure personal data is always held securely.
  2. We will retain your data once you have shared it with us, exclusively for matters related to your career and career management.
  3. We will ensure that your data is kept accurate and up-to-date.
  4. Your data will be stored exclusively on our centralised applicant and assignment management system. We ensure all our suppliers are GDPR compliant.
  5. We will only communicate with you on matters specifically related to careers and career management and only ever seek information or opinion from you, related to these matters.
  6. We will only share your data with hiring firms, once we have received your further permission to do so.
  7. We will share with you a written brief, outlining a client’s specific requirement, once your CV has been submitted to that client with your permission.
  8. At any time should you wish to cease your relationship with our firm, we will delete all relevant data with immediate effect on receiving your written request to do so.
  9. Should you require a full copy of all data that we hold relating to you, we will provide this within 48 hours of receiving your written request.
  10. Our Data Protection Officer (DPO), is always available to meet your requests or act in accordance with your wishes by emailing Our DPO reports directly to our Chief Executive.

Our commitment to all stakeholders is that we will continue as HRM has always done, to practice good data management at all times. We will ensure full compliance with GDPR and be entirely accessible and transparent in all of our relationships.

download as pdf