The Personal Data Protection Act shouldn’t be HR’s worst nightmare, but hiring managers and recruiters’ jobs are destined to be affected by the regulatory changes which come into effect next month.
The issue of data privacy is set to affect Singapore’s recruitment industry due to compliance issues when it comes to dealing with client and candidate personal data. How prepared are you for the changes, and have you made the necessary adjustments within your organisation?
In order to help recruiters familiarise and manage the changes, HRBoss has put together a guide to ensure organisations’ recruitment processes still keep within the Act.
An overview of personal data. What is it?
In short, the PDPA was legislated in order to heighten Singapore’s status a business hub, trusted with global data management and processing services (which includes staffing and recruiting firms).
Personal data refers to any data about an individual which can identify them, or data and other information which the organisation has, or is likely to have, access to. This includes things like:
- Date of Birth
- Telephone/Mobile Number
Why does it matter to recruiters?
Because HR practitioners – particularly recruiters – come across a huge amount of employee and candidate personal data, it is critical they understand how the PDPA can affect their work and policies.
“As a recruiter or employee, you work first hand with data. You deal with personal data when screening candidates, job applications and liaising with clients. Being in charge of data means that you are responsible for the accuracy and security of the database,” the guide said.
The PDPA’s regulations on how you handle this data is robust, so to help you cover what you need, HRBoss put together the 9 commandments of the PDPA for you to follow:
1. The consent obligation
2. The purpose limitation obligation
3. The notification obligation
4. The access and correction obligation
5. The accuracy obligation
6. The protection obligation
7. The retention limitation obligation
8. The transfer limitation obligation
9. The openness obligation
For the full overview of these commandments and how to adhere to them, go here.
Other important things to note about the PDPA
One of the things to note is that recruitment companies, employment agencies, head-hunters and similar organisations are all subjected to the PDPA, although there is a partial exclusion for recruitment agencies acting as data intermediaries.
“The PDPA provides that a data intermediary that processes personal data on behalf of and for the purposes of another organisation pursuant to a contract which is evidenced or made in writing will only be subject to the provisions in the PDPA relating to the safeguarding and retention of personal data in respect of such processing. In certain circumstances these recruitment agencies could qualify as data intermediaries,” the guide said.
Under the Act, organisations are also not required to seek consent for the collection, use or disclosure of personal data if it is intended for evaluative purposes such as a background check, or when the information is publicly available, such as through newspapers, phone directories or the internet.
“After an organisation has decided which job applicant to hire, the personal data that the organisation had collected from the other job applicants should only be kept for as long as it is necessary for business or legal purposes,” the guide added.
Companies found breaching the PDPA will be required to destroy personal data collected in contravention of the Act, provide individuals access to correct the data, and face a fine of up to $1 million.
To read the full ‘PDPA Singapore: What Recruiters Need To Know’ guide from HRBoss, click here.