GDPR: Gaining Consent from Staff Members

GDPR staffing agency compliance

In the run up to the deadline for GDPR compliance, we’ve seen a flurry of activity to ensure both agencies and Watu are ticking all GDPR requirements. In a previous article, we explain our compatibility so that clients can rest assured.

But beyond safely stored data, agencies are also having to tackle the tick boxes which apply when contacting people via their personal email address. The big question of the moment: how do I gain consent from staff members to continue to hold their data and send them communications?

Some agencies have suggested emailing staff to receive replies of confirmation, but we would like to propose a solution which will reduce back and forth communication, and keep answers tracked within the database.

Profile Template Change

When staff members are registering or editing their profile, they are inside of the ‘profile template‘. This template is very flexible as you may already know, and it’s a powerful tool to organise, communicate with, and manage staff.

The first step would be for the Watu team to add a statement similar to the following which would sit at the top of the page:

Please select ‘yes’ below to confirm that you would like to be registered with <agency_name>, and therefore receive communications including job offers during this time. 

This would then be followed by an answer selection that is mandatory to answer:

Yes or No

We can entitle this section of the profile template “Data compliance“.

How does this affect staff?

For registering staff, they will come across this statement as the first question when applying, and would naturally tick ‘yes’.

For existing staff, this will now sit as a question within their profile template. They must enter their profile and click ‘edit’ to be able to answer the question.

How to reach out to existing staff?

You may request the above change by emailing tech support from your account. Once it’s in place, we suggest;

  1. Emailing your database (staffers -> active -> message and the same for pending) stating that you have added a mandatory question, for which they must answer yes to remain on your books
  2. After however many weeks and reminders as you feel comfortable with, you may do a search in the system for “Data compliance: No”
  3. This will turn up the results for everyone who has answered “No”
  4. You may choose to suspend these people and/or delete their data

The above search will apply to anyone new who has registered as well as existing staff members. We will pre-set all answers to be ‘no’ for existing staff, so that it’s an opt-in request; in other words, staff must edit their profiles to select ‘yes’ so that they do not leave the answer as ‘no’.

Data deletion

Whether you delete none, some or all of the data of suspended/imported/cancelled/declined profiles is up to your agency and we cannot advise on this.

Deletions may be completed manually, or you are welcome to reach out to us to ask for a quote. Please send through the following information;

  • who the data should be wiped for (which categories – suspended, cancelled, declined, imported etc)
  • what data should be wiped (names, email, phone number, all answers, photos, payroll, etc)

Looking forward

In the future, the question will remain on the database and a staff member may decide to select ‘no’ at any time. We would recommend to run a search each month or at whatever interval suits you best, looking for those staff who have selected ‘No’. Again, at that point, you may choose to suspend and/or delete their data.

If you are ready to implement the above or have any questions, do reach out to us via tech support. The wording is flexible and the above is a suggestion, so it can be adjusted as needed.