GDPR policy

1 What is the GDPR and why is it needed?

GDPR stands for the General Data Protection Regulation. It?s a set of rules designed to cover data protection for residents of Europe that came into force in May 2018. All EU citizen data is within scope of GDPR, irrespective of the geographical location of the recruitment firm.

In the light of huge technology changes in the last 20 years, including the internet, social media and exchange of personal data for use of services, the GDPR was created to address exploitation of data and to provide individuals with more control over how their personal data is used.

European organisations must ensure that any companies they work with, where the processing of personal data is involved, comply with the GDPR, regardless of the location of that third party.

2 How does the GDPR benefit a business?

The assessment and mitigation of risks required by the GDPR forces a business to take a close look at what exactly is and is not happening and implement changes (many of which are no-brainers).

The goal of the GDPR is that businesses take their responsibilities seriously and embed data privacy into the business. The GDPR touches all aspects of the business which is why it is such a powerful driver for good business management. Good data privacy and well managed businesses are symbiotic.

3 What does the GDPR mean for the recruitment industry?

These rules dramatically raise the bar on privacy standards and come with fines that are large enough to destroy virtually any firm in the industry. On a positive note, recruitment has people at its heart and the GDPR is all about people.

We can reassure candidates, clients, suppliers, partners and employees that as an industry we care deeply about their personal data, and their new rights under the GDPR legislation.

4 What does the GPR mean for ICP Search?

As a business that stores information on European citizens (referred to as Data Subjects) in a database, Outlook contacts, spreadsheets and potentially a host of other locations, ICP Search needs to follow the new rules. At the same time the GDPR is all about risk ? analysing the degree of risk and putting steps in place to mitigate that risk.

There are new rules relating to the transfer of data outside of Europe. 44% of our placements have been made outside Europe since 2013, and currently only 11 countries are considered ?adequate? from a data protection perspective by the ICO*. This means that we are implementing robust EU Model clauses to ensure that personal data about EU residents that we transfer to clients outside Europe is protected under GDPR.

*Information Commissioners Office

5 What did ICP Search do to prepare for the GDPR coming into force in May 2018?

In September 2017 ICP Search partnered with ComplyGDPR, a business that specialises in GDPR readiness for Executive Search and related activities. (

ComplyGDPR provided guidance, manuals, templates and expert legal input into all the investigation and activities that ICP Search needed to do, including:
Internal awareness: communication and updates
Data Audit: company-wide cleanse
IT Security: infrastructure audit and strengthen
Legacy Database: data cleanse
GDPR Data Protection Handbook: document compliance, policies and processes

In May 2018, all our employees completed online GDPR training provided by ComplyGDPR. The training, designed specifically for search and recruitment professionals, ensured that everyone had a good understanding of the new data protection laws, how they relate to the search and recruitment process and how their own actions could create a data breach. The varied content included animation, narrative, interactivity and video tracking the activities of Ben at Rec Search and his disastrous approach to data protection

6 How does ICP Search comply with the GDPR?

Like all businesses in Europe, ICP Search?s compliance to the GDPR is a continuous journey, and we are committed to reviewing, improving and implementing change as the data protection landscape evolves.

Demonstrating our compliance with the GDPR is about maintaining the right balance of activities to mitigate potential risks.