Climbing career ladder hit by GDPR
Remember the Millennium Bug?
It was predicted to strike at the stroke of midnight on New Year’s Day 2000 and send the world into the digital dark ages. There were dire warnings global financial markets would crash, planes would fall out of the sky and work and home computing networks would collapse.
In reality none of the above happened and, after a collective intake of breath, we all went about our business as usual.
Fast forward to the present day and the doom-mongers were back on the bandwagon predicting all sorts of carnage and economic chaos.
This time the great threat came in the form of new data handling regulations, known as GDPR.
Firms were warned if they weren’t GDPR ready – and many tens of thousands were not – they faced multimillion-pound fines and huge obstacles to their future operations.
The picture of economic Armageddon was painted.
But, once again, the switch over to the new GDPR-regulated world was (relatively) seamless.
That was in the spring and by the summer, I confess, I’d almost forgotten the whole thorny subject.
GDPR by then was a mundane reality, companies were coping and the world continued to turn. Job done.
At least, that was the case until I ventured into a shop in Dundee last week to be confronted by a rather unseemly scene.
A young woman holding a business folder walked up to the store manager, announced she was looking for work and asked to hand in her CV.
It was a speculative approach, but the answer – while politely delivered – was well rehearsed.
The store manager simply told the job seeker that GDPR rules meant he was unable to accept her CV.
In fact, she was told the simple act of accepting her CV and holding it on file pending any job opportunities arising in the store was not just against company policy, but illegal under GDPR.
She was also told if she left her CV on the counter it would be immediately shredded and destroyed.
Her glimmer of hope for employment was the firm’s online recruitment site but, guessing from the look on both parties’ faces, they both knew it would do nothing to help her find work quickly and easily in the city where she lived.
The young job seeker left the store crestfallen and no further forward in her quest to find work.
I recounted the story on social media over the weekend and there were mixed views over whether the store manager/ company had acted correctly under GDPR or not.
The reaction demonstrated to me that GDPR’s introduction may not have been seamless after all. Some thought the firm’s response was correct, others argued they’d got it wrong.
But one legal mind said the woman should have been allowed to hand in her CV.
He summed it up thus: “It’s perfectly permissible so long as the individual consents; though strictly speaking, she should be given a copy of a privacy statement explaining who keeps the info, for how long, etc.”
He added, rather tellingly: “I can see why plenty sensible people think that’s daft.”
And another correspondent said there was a perception GDPR was being used as “a bit of an excuse for (companies) not wanting to do things.”
Regardless of the rights or wrongs of this particular case, what I don’t think GDPR was ever designed to do was to stop someone from getting into work.
But given the confusion surrounding the subject, sadly I suspect this is not an isolated case.
And perhaps the GDPR time bomb we feared would go off spectacularly in the spring is continuing to tick away slowly under the radar.