Recruiting Under New Regulations: A Cultural Shift in Data Privacy

Cast your thoughts back to this time last year: Prince Harry was yet to marry Meghan Markle, the World Cup was about to enter its 21st year, and General Data Protection Regulation (GDPR) regulations were on the cusp of implementation across the EU. The data privacy and regulation laws were at the forefront of every recruiter’s mind, and - as the 2018 UK Recruitment Trends Report revealed - a top macroeconomic concern.

The advent of GDPR signaled a considerable cultural shift in the way recruiters think about, and handle, data. For the first time in 20 years, the regulation of data privacy for EU citizens was a priority. But where do we stand now that almost a year has passed since we begun recruiting under the new regulations?

A Lot Can Happen in a Year

As we entered 2018, 59 percent of recruiters identified GDPR as a macroeconomic challenge about which they were very or somewhat concerned, exhibiting mixed feelings as to what the impact would be for their business.

The vast majority (36 percent) were unsure of how the new laws might affect their businesses’ growth and revenue goals. By and large, we can see that, over the space of a year, the practical application and practice of data regulation by recruiters has settled feelings of uncertainty heading into 2019. The passing of time, and the unveiling of what data regulation within recruitment actually looks like, has brought the uncertainty level down to just 9 percent. Instead, the majority vote seems to have shifted in favor of GDPR having no impact on the achievement of goal and revenue targets, which now stands at 54 percent.

What impact is GDPR having on your business’ ability to achieve its future revenue and growth goals?
Impact 2018 2019
Positive 24% 17%
Negative 20% 20%
No Impact 20% 54%
Unsure 36% 9%

Though we are able to clearly track a sense of increased certainty following the ‘demystifying’ of GDPR over the past several months, interestingly the percentage of professionals who felt the new regulations have a negative impact on recruitment remains steadfast at 20 percent. Given the lack of evolution - be it an increase or decrease in these feelings - we must ask ourselves why this is the case?

A lot of firms are seeing GDPR as a burden, from what we have seen and reached through this process we have already seen benefits from this process, better data quality. Our firm is evolving into a more efficient organization. 

Understandably, ahead of GDPR, many agencies anticipated a negative impact due to the tighter restrictions and increased workload that compliance and process overhaul would bring. It is safe to say that GDPR as a concept - before being put into practice - could be viewed as a burden. However, as the industry has adapted and evolved alongside the new regulations, we can see that many firms find themselves with more efficient processes and higher quality data - a net benefit. Perhaps then, it is more apt to understand the perceived negative impact of GDPR to be related to the consultant’s own experience when recruiting due to new requirements and discomfort of change, and not to a business’s ability to achieve long-term goals. As such, it may take more time before we as an industry fully realize the benefits that the new laws bring in terms of data quality and operational efficiency.

Does Size Matter?

Results suggest that the perception of GDPR’s impact can be tied to the size of the business in which an individual works. This poses the question of how much of an individual’s perception of GDPR is shaped by the resources available within their organization?

By agency size: What impact is GDPR having on your business’ ability to achieve its future revenue and growth goals?
Enterprise Mid-size Small
Positive Impact 24% 20% 13%
Negative Impact 24% 22% 18%
No Impact 40% 48% 62%
Unsure 12% 10% 7%

Overall, we can see those recruitment professionals working in mid-size to enterprise-level organizations felt more confident that GDPR’s impact would be positive or non-existent when it comes to achieving future goals. We must wonder whether this relates to the previous notion of individual experiences during the implementation of these new laws. For example, larger companies with bigger budgets to allocate for data protection specialists and compliance officers perhaps experienced a smoother implementation and saw positive results faster.

However, that is not to say smaller agencies have not prepared sufficiently, or that they have not provided their staff with the right training or resources. Rather it simply suggests that it may take a little longer for the benefits of GDPR and consequential perception of a positive impact to become clear for these firms.

The Best Is Yet To Come

It’s important to remember that - whilst the regulations have come to pass - the recruitment industry hasn’t been practicing GDPR compliance fully for all that long. Though many are seeing success, and have made the necessary changes and efforts, our work here is not done yet - especially if we want to keep reaping the benefits of better data privacy.

GDPR is a cultural change, so it is important to continue training around this to create a cultural shift. 

We need to continue training and education surrounding best GDPR practices; encouraging the ongoing adoption of, and adaptation to, this new cultural shift in data regulation. Small changes can go a long way: shifting one’s marketing strategy to better engage with candidates and clients, focusing on improving the candidate experience, or even upgrading the features in one’s CRM.

GDPR Resources
Firms can find more tips, tricks, and inspiration in this post-GDPR toolkit for recruiters.

Bob McHugh

Senior Manager, Global Content and Research


Bob McHugh is the Senior Manager, Global Content and Research at Bullhorn. Before joining Bullhorn, Bob spent five years at the digital marketing agency, Brafton, as a Social Media and Engagement Manager. He earned his bachelor's degree from Siena College and his MFA in writing from Emerson College.