The following statement applies to The Rethink Group (Rethink) and to all of its brands.
The new EU General Data Protection Regulation (GDPR) came into effect on 25 May 2018 and affected any organisation which holds (controls) or processes personal data. It introduced new responsibilities, including the need to demonstrate compliance with data protection laws and regulations, and we expect a greater level of enforcement with substantially higher penalties than those experienced under the current Data Protection Act (DPA).
Rethink is committed to the highest standards of information security and privacy. We have well established controls, processes and policies to ensure we protect and manage data both internally and through our third-party suppliers. We will ensure compliance with all applicable GDPR regulations, whilst continuing to work closely with our customers and partners to meet all contractual obligations for our services.
Rethink has appointed an internal, cross-functional team and a dedicated Data Protection Officer to prepare for GDPR. We are reviewing all of our current processes and policies to ensure that we comply fully with the updated regulations.
Our preparation for GDPR has covered the following areas:
• Internal data control and management processes have been audited and where necessary updated with the full knowledge and support of our executive team;
• We are establishing simple processes to facilitate control of personal data for all individuals whose data we hold;
• We have developed a plan and content to train all our staff on all applicable new policies and processes.
GDPR is formed of a number of key principles that provide rights to individuals, be they candidates, clients or employees. Since late 2017 we have worked with and taken advice from legal and professional governing bodies, including the Recruitment & Employment Confederation and APSCO. Our processes, candidate / client database, IT infrastructure and links to processors of data outsourced by Rethink are being modified to meet the needs of these principles to ensure transparent and secure data processing and control.
We have published our new Data Protection Policy which will include details of our compliance with the key principles of GDPR as well as providing staff training and client support to ensure our services remain of the highest professional standard.
Should you wish to understand more about how GDPR affects you as a candidate, client or employee you can download a useful document (PDF – 564kb).
For any queries please contact our Data Protection Officer, Marc Hughes at firstname.lastname@example.org.