- Category: blog
The GDPR is a new law which strengthens the rights of individuals to privacy and protection of personal data. The law functions by placing the burden of ensuring compliance on organizations in securing the data of individuals that relate with them on one or more grounds where individuals are required to present their personal data. The law has important highlights spanning from its general provisions, to principles, rights of data subjects, controller and processor, supervisory authorities, cooperation and consistency, remedies, liabilities, penalties and lots more, all which are strategically organized and factored to form a whole that preaches privacy and personal data security. However, the clever question to ask is how exactly the GDPR is related to recruiting, especially given the current inconsistency in the aviation recruitment systems.
In the realm of recruitment, GDPR relate with three basic terms. Candidates are referred to as data subjects because they could be traced and identified via data made available to the firms. Employers are called data controllers because they determine the purpose for which data are collected, and are fully responsible for the lawful use and protection of individuals’ data. Similarly, Application Tracking Software (ATS) are referred to as data processor. This is because they process individuals’ data on behalf of the company according to preset programs. It thus become very important to learn how GDPR affect aviation recruiting across these branches to serve as illuminations to the current odds, violations and inconsistency in the industry.
First, the GDPR situates that personal data should only be requested for legitimate, explicit and specified purposes. This means that information solicited from candidates for aviation recruitment purposes are not supposed to be used for other reason other than the primary. The clause of ‘specific’ also means that such data should only be processed or used within the specified time, which other than, will result into a breach of privacy. Most aviation firms fall victim of this via ignorance inspired sense of loyalty to candidates or an unquenchable hunger for active application and resume accumulation on their platforms. They either solicit for resume, personal photos, passport copies when they do not have an available vacancy at the moment or call for data to be saved up for future application. This is a clear breach of the GDPR compliance as though it might not be against the clause of legitimacy (because the resumes are solicited for job reasons) but clearly is opposed to that of specificity and explicit purpose (especially if candidates are not informed their applications are being saved for future applications).
Further, many aviation firms and airlines faultily or ignorantly accrue all the powers, perhaps absoluteness to themselves in the processing of candidates’ data during recruitment, thus hunting down the need for transparency. This is wrong in its totality. The GDPR posted that firms must have clear privacy policies which would be unbiasedly made available to every candidates. Data is not supposed to be disclosed to other departments but used for recruiting alone. The question of transparency doesn’t end at that, it is stated by human resource professionals in compliance to the GDPR rules that job applicants have every rights to interview notes from relevant filling system. Applicants are also afforded the right to request copies of their personal data that firms hold about them. This must at best be made accessible according to specific criteria. Recruiters and employers are therefore expected to decide on the appropriate storage means for interview notes pending requests. This would also protect the firm in case applicant feel to query or contest the firm’s selection decision based on claims of discrimination. Candidates have the rights to know how they are assessed.
In cases where aviation firms utilize electronic screening portal such as video interviewing process and software systems, and they are interested in keeping applicants data in file more than the duration of the current vacancy, their application processes are expected to be in the GDPR workflow setup sync in either of these two ways. First applicants must be specifically asked if such permission is granted, upon which they would be able to keep data on their files, and if such consents are not earned, firms are not allowed to keep the applicant’s details on their systems for more than the closing period of the vacancy. This is because it has been identified that most companies secure applicants data for resale, hence tantamount to an infringement on candidates’ privacy as stipulated by guiding laws.
Fundamentally, the GDPR wants to be sure that applicants are only asked to supply