Published on 14th February 2019
Given the nature of HR services, the private employment industry almost always process personal data and exchange that data with third party, in particular with clients, for the purpose of matching jobseekers to a job. Following the adoption of the General Data Protection Regulation (GDPR) by the European Union in May 2018, members of the World Employment Confederation-Europe started facing questions from both public authorities and clients regarding the role and responsibilities of each party involved in labour market intermediation.
To support members in answering those questions, the World Employment Confederation-Europe drafted guidelines to clarify the relationships that the HR services providers and their clients can enter into. Depending on whether an HR services provider will be identified as an Independent Controller or a Processor under the GDPR, different obligations, responsible and liabilities in relation to personal data will apply and might require specific arrangements to be put in place with the clients.
“We were facing a lot of confusion with the indications provided by our national Data Protection Agency (DPA) regarding the roles of the partners, especially in the case of agency work,” explains Agnieszka Zielinska, Director of HR Polskie Forum, the Polish federation for the employment agency industry. “Having the correct definition is crucial for the protection of the rights of the data subjects as controllers and processors bear specific duties.” But the guidelines will not only served as a support to agencies in Poland. “All World Employment Confederation-Europe’s members can use them to dialogue with their DPAs and support consistent implementation of the GDPR across EU member states,” Zielinska adds.
Clear allocation of roles and responsibilities when providing or contracting HR services is critical to avoid inappropriate, illicit and risky data-processing; which would be not only to the detriment of the workers involved but also harm the reputation of the employment industry as a responsible service provider.
The World Employment Confederation-Europe’s guidelines also provide insights into some typical HR services: agency work, direct recruitment, Recruitment Process Outsourcing (RPO), Managed Service Provider (MSP) and Career Management / Outplacement. In practice, HR services providers may offer other types of services. The guidelines are therefore not exhaustive and should only be regarded as indicative, not binding.
Respect for confidentiality and protection of personal data are key principles of the World Employment Confederation-Europe’s Code of Conduct. Development of common guidelines by industry players helps promoting high quality standards within the private employment industry.
