It seems that over the last month or so, the Executive Search world has woken up to the reality that the GDPR is real and that it is imminent. Our compliance platform, GatedTalent, has thousands of messages going through it every day now and we continue to sign up multiple new clients every day.
There is, however, a problem.
The fact is that a lot of search firms are not ready. A lot are not close to being ready. Even now, we are taking multiple calls a day from search firms who have really given very little thought to the work that needs to be done - and, to be honest, some of them will now not be ready by May 25th. We have engineers working every weekend between now and that deadline - but there is only so much work that can be done in what is essentially 2 months, particularly for firms migrating from another platform.
So this piece from Silicon Republic is very good news. In short, it suggests that a number of EU member states are likely to provide a "grace period" beyond the formal deadline, so long as they can see that firms are making good-faith efforts to become compliant. The article references the French CNIL in particular but suggests that other countries will follow suit.
Our recommendation? Speak to your preferred vendors and get the ball rolling. Hopefully, your process will be complete by May 25th, but - failing that - having a paper trail that demonstrates that you are working on compliance is likely to go a long way if you do have a problem.
Attention must be paid to France’s data protection authority, the CNIL, which issued guidance that “indicates that it may hold off on significant enforcement actions for a few months’ ‘grace period’, provided that organisations are making good-faith efforts to come into compliance and that they cooperate with the CNIL”. She noted that other EU member states would be likely to follow its lead.