Jason Starr is CEO of GatedTalent, the global database of ‘gated talent’, a GDPR compliance enabler for the search sector.
In May 2018 one of the most stringent data protection laws of modern times will come into force in the shape of the General Data Protection Regulations, or GDPR for short. Most professionals and executives working in the financial services sector will be aware that its introduction will significantly affect the way their organisations acquire and manage information about customers and clients. But how many realise that it also has the potential to have a significant negative impact on their own career progression?
Of course, GDPR was initially developed to help individuals claw back more control over their personal data in an era where data gathering and exploitation becomes more sophisticated and all-pervasive on a daily basis. However, according to the findings of a survey we commissioned of over 350 executive search firms around the world – Unintended Consequences – why GDPR could move executive careers into the slow lane around the globe – professional recruiters, who, of course, play a significant role in moving financial services specialists up the career ladder throughout their working lives, are worried that GDPR will make it much more difficult to keep in touch with talent after the spring of next year. In effect, many able and ambitious individuals in the industry may simply disappear from recruiters’ radar and will effectively find themselves in a career ‘doldrums’.
It’s an unfortunate fact of life that good laws can sometimes end up doing bad things. If you want a really dramatic example then just take a look at the Volstead Act, which brought Prohibition to the USA after the First World War. Designed to create a better society by eliminating the apparent evils of drink, it also effectively criminalised a substantial proportion of the population, who remained decidedly unconvinced that the odd snifter was such a bad thing and made fortunes for a host of enterprising villains, such as Al Capone. The ‘unintended consequences’ of GDPR will very likely seem fairly lightweight in comparison, but for the financial services professional, who finds themselves stuck in a career rut from May 2018, they will still be concerning enough.
But isn’t this all a bit of a storm in a teacup? After all many data protection lawyers and the Information Commissioner’s Office in the UK, together with its counterparts across the EU have pointed out that regulators are not characters from a Kafka novel and are therefore likely to try to balance the interests of businesses and individuals in practice. However they have also admitted that, until GDPR is tested in real-life cases after May next year, there can be no absolute clarity about how the law will operate.
Without this clarity and given the draconian penalties potentially involved – fines of up to €20 million or 4% of annual turnover – it’s perhaps not surprising that many recruiters are erring on the side of caution. Some search firms and internal recruitment teams of big financial services players are hoping to rely on a defence of ‘legitimate interest’ – that the databases of talent they have painstakingly built up are necessary to the conduct of their legitimate business. But many others are taking the view that they will need to obtain explicit consent from potential candidates and that any consent they had obtained in the past is unlikely to stand up under the new rules. This all means that a huge data refresh operation will have to be undertaken and how long this will take is anyone’s guess.
As one of the recruitment professionals we interviewed for the research neatly put it in a masterly piece of understatement, “The whole thing does seem to have the potential to be a bit of a nightmare.”
So what does this all mean for the individual financial services specialist? Ironically it could be that, in the lead-up to GDPR, you will start to hear more from head-hunters, rather than less as requests for consent start flying out. And, unless you want the phone to become suspiciously quiet after May, it might be wise to act on them or even take your own action and go direct to search firms yourself through platforms like GatedTalent which executive search firms will use to manage the consent process.
In the long run, it could even be that our interviewee’s ‘bit of a nightmare’ turns out to be a blessing in disguise. As David Pierce Hallahan of the search firm, Team Capital, puts it, “GDPR could end up delivering a closer tighter relationship based on quality and best practice.” And it’s not just members of the recruitment industry who are taking this view. Some of the leading academics in the field of data management also seem to agree. OykuIsik, a specialist in information systems management at Vlerick Business School has suggested that it might help search firms to, “…pursue transparency and control over data that will help build a genuinely trustworthy organisation – one that an executive will be more likely to trust with their data throughout their career.” And if this does come about it could mean chosen search firms becoming a financial services executive’s long-term partner in the same roster as their accountant or lawyer, for example, with obvious ongoing benefits for everyone involved.