2018 is well and truly underway and, with a new year, there are new Future Talent predictions and trends.

The coming year is set to have some game changers in the recruitment space which, themselves, will accelerate the wake of other concomitant trends and ground-breaking advancements. However, what will continue to remain a challenge is the fierce and fast-paced competition to recruit best and brightest Future Talent.

Without further ado – here are our top trends that will influence the world of Future Talent recruitment in 2018:

  • Diversity, Diversity, Diversity

Improving diversity is at the top of the agenda of Future Talent recruiters across the UK, and has been for some time now. In fact, according to the Institute of Student Employers (ISE) – 75% of employers took specific actions to improve Graduate diversity in 2017, and 40% choose the Universities they visit based entirely on the diversity of the enrolled students.

The pre-existing disparities between gender in a large number of industries still remains a massive issue for recruiters. Recruiting male Graduates into Social Care and female Graduates into Construction are merely two examples of the bigger diversity picture, and the misconceptions that recruiters are having to work to overcome.

But, diversity goes much deeper than gender, which only works to make it more of an issue and, therefore, a focus for recruiters and organisations alike.

Why is this a trend for 2018?

Improving diversity in your workforce brings with it so many additional advantages and positives. First and foremost – the variety of talents, skills, experiences and backgrounds will offer any number of different perspectives on organisational issues, and work the same way for solutions.

Secondly – once your workforce becomes more diverse, it will only continue to improve. In somewhat of a Snowball Effect – once it’s started, diversity will continue to develop and grow itself.

Finally – employee performance and productivity. Employees are automatically more likely to feel more comfortable and happy in an environment where inclusivity is an organisational priority. They feel more valued, and more confident in their surroundings. As we all know – happy employees translate into productive ones.

  • Graduate Schemes with a Masters chucked in

The increasing competition for a dwindling talent pool of top Future Talent means that organisations are having to think about offering a more attractive package than their competitors.

Why? The more attractive your offering – the more likely you are to attract the top talent.

In fact, in our 2017 survey report on Parental Influence – respondents told us that future progression opportunities was the most important factor in their decision to influence their child. As you can imagine – acquiring a Masters during their Graduate scheme will open doors, and opportunities for career advancement in the future. It’s a win-win for everyone.

Personally, we’re keeping tabs on this trend. Our 2018 survey report will tell us whether or not this has been an important aspect of Future Talent recruitment this year.

  • Artificial Intelligence

For 2018, artificial intelligence (AI) is likely to have a significant impact on both recruitment and workplace culture. It will continue to change how everybody works, both individually and together, and will likely replace certain workers in their roles.

In fact, LinkedIn has reported that AI is acting as a “boon for recruiters and hiring managers”, which is helping them to source and screen candidates.

Also, with human involvement – there is bound to be some level of bias present in the recruitment process. If machine learning were to take over – bias would be removed, and the best candidates would be matched to roles based entirely upon their skills.

Look out for a continued growth of AI solutions marketed to the sector – we will review the better ones throughout the year.

  • The Role of People Analytics in Decision-Making

People Analytics, sometimes referred to as Talent or HR Analytics, is the method of analysis that can help recruiters, managers and the C-Suite make decisions about their workforce.

It’s generally true that decisions informed by data and analytics are often more substantial and effective than otherwise. Thus, People Analytics is becoming a more accepted HR practice. In a similar vein to AI – People Analytics reduces the presence of bias in decision-making, meaning you’re more likely to make impactful decisions that drive the change you need.

The role of People Analytics is set to endure throughout 2018, as recruiters are looking to significantly improve their ROI.

  • The Candidate Experience

Candidate experience has always been the centre-piece of recruitment strategies. Why? A positive candidate experience is synonymous with a good reputation as an employer. A good reputation as an employer means you’re more likely to reach, engage and retain the best candidates for your roles.

Graduates and Apprentices, speaking from experience, are often left frustrated when they’re kept in the dark by prospective employers. What’s happened with their application? Do you have any feedback to help them improve their chances next time?

A positive candidate experience has so many benefits for recruiters, both tangible and intangible. Whilst candidates are more likely to accept a job offer following a positive recruitment experience, they’re also more likely to translate into more productive, efficient and hard-working Future Talent.

An ongoing shortage of top talent will require recruiters to win the war on engagement, before they can win the war on talent.

  • Parental Influence in Future Talent Decisions

Every year – one of our Talent Directors, Debbie Edmondson, collects data and produces a report around the role of parents in the decisions of Future Talent candidates. And, as you would expect, every year we see something different.

Regardless – it’s safe to say that employers are getting smarter at reaching, engaging and retaining the best talent.

The number of Future Talent vacancies, even following the Apprenticeship Levy, is shrinking, and is perceived by many as a premature impact of Britain’s impending exit from the European Union. And, with more and more Graduates reneging on their offers each and every year – you can’t help but wonder why.

The role of parents in influencing the decisions of Future Talent candidates is certainly not one that should be taken lightly or overlooked. In fact, in our research, our respondents (parents of Graduates) indicated that they influence at least 2 out of 3 of the main decisions their child needs to make, namely:

  • Which academic route to take;
  • Which particularly industries or employer(s) they should consider, and;
  • Whether to accept or reject each individual offer.

As the year passes, and we continue into 2019 (I know, scary, right…) – we wholly anticipate the role of parents to exacerbate the current competitive environment of Future Talent recruitment.


2018 is set to be a massive rollercoaster for recruitment, especially in Future Talent as a new cohort of Graduates begin their new jobs and Apprentices break into their respective fields of work. We can only speculate on what may or may not happen – only time will tell.

With that being said – watch this space, and have a fantastic year of recruitment.

The General Data Protection Regulation (GDPR) is widely accepted as a natural evolution and progression in the protection of a very basic human right – privacy. However, the impact it’s going to have on business in general is still a massive grey area for most, especially in recruitment.

How will GDPR influence our ability to build talent pools?

What will we have to do with candidate data that we use for benchmarking that we collected years ago?

None of the recruitment-oriented questions have really been answered and, with May 25th creeping up on us, they need to be. I bet you’re thinking – why does it really matter? We’ve had the Data Protection Act (DPA) and the Privacy and Electronic Communications Regulations (PECR) for years now? Aren’t they all the exact same?

In short – no.

Like with everything – if you want to comply with a new regulation or learn a new skill, you need to understand it first. Especially when, according to Forrester – 80% of companies will fail to comply with GDPR in 2018.

Firstly, what is GDPR?

Well – that’s the million dollar question at the moment. As defined by Investopedia:

“The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). The GDPR sets out the principles for data management and the rights of the individual, while also imposing fines that can be revenue-based.”

It was approved by the European Union parliament in April 2016, and will replace the Data Protection Directive which currently regulates and governs how ‘personal data’ can be used.

Today, there are completely new ways of exploiting personal data, given the rise of the Internet and cloud-based technology – the GDPR seeks to address these threats by imposing steeper and more severe penalties for non-compliance, and giving people greater control over what companies are doing with their data.

GDPR applies to all ‘personal’ data. It’s often misconstrued what ‘personal’ actually means, and the type of information or data it actually applies to. Contrary to popular belief – personal information is not only what you’d consider as extremely private, such as bank details or National Insurance numbers.


Are you interested in ensuring you’re GDPR compliant in your recruitment? Come along to our seminars in March to find out more.

What is ‘Personal Data’?

As dictated by the Information Commissioner’s Office (ICO)

“The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.”

With that being said – it’s not just a case of protecting the data. To ensure full GDPR compliance, there are seven fundamental principles that are, ultimately, in place to drive full compliance.

But first – it’s probably best we cover off some of the key definitions of the GDPR, so you understand what we’re referring to as we go through…

Data Controller – The Data Controller is the individual who determines the purposes for and the manner in which any personal data is to be processed. 

Data Processor – Any individual who processes the data on behalf of the data controller.

Data Subject – An individual who is the subject of personal data storage (i.e. you or I, if our data is kept on any database).

Personal Data – Any data which relates to a living individual, who may be identified:

  • From that data, or;
  • From the data and other information which is in the possession of, or is likely to come into the possession of, the data controller.

Processing – In relation to information or data, processing means obtaining, recording or holding the data, or carrying our any operation(s) on the information or data.

Sensitive Personal Data – Sensitive personal data, whilst being separate to standard personal data, refers to the data consisting of the following information:

  • The racial or ethnic origin of the data subject;
  • His/her political opinions;
  • His/her religious beliefs or other beliefs of a similar nature;
  • Whether he/she is a member of a trade union;
  • His/her physical or mental health or condition;
  • His/her sexual life;
  • Any criminal information, and;
  • Any proceedings for criminal acts.

Third Party – A third party, when related to personal data, refers to any person other than: the data subject; the data controller, or; any data processor.

Now that’s covered – the 7 fundamental principles of full GDPR compliance:

The Fundamental Principles of GDPR


Accountability is what you would expect – the data controller(s) can demonstrate an organisation’s data processing remains compliant with GDPR at all times. In short – they can be held accountable for ensuring compliance.

This remains one of the most significant changes as we progress from the DPA to the GDPR – before it was acceptable to simply comply, whereas under GDPR this compliance must be demonstrable.


The accuracy principle is exactly what it says on the tin – it demands that all personal data that’s held on file is completely accurate and, where necessary, kept fully up-to-date.

GDPR dictates that any inaccurate or ‘old’ data should either be deleted or amended in a timely fashion.

Data Minimisation

Data minimisation, as a fundamental principle of GDPR compliance, asks that any information requested is adequate for the processing task at hand. In short, controllers must ensure that any additional or superfluous data should be destroyed in an appropriate manner.

For many – data minimisation will pose a considerable issues, especially for those with large archives of historical data.

Integrity & Confidentiality

Integrity and confidentiality asks that all personal data that is processed shall be done in a way that ensures the security of the data subject.

Lawfulness, Fairness & Transparency

Firstly – this principle ensures that all personal data is processed lawfully. Secondly – it ensures that all of  the data subject’s information is handled fairly and transparently.

To put this into perspective – 57% of individuals do not believe companies are transparent in their use of data. Think about the repercussions of this, in terms of your reputation as an employer and as an organisation.

Purpose Limitation

Purpose limitation dictates that all personal information accrued and stored by an organisation is used for ‘clear and legitimate purposes’. That same data shall not be processed for any additional purposes other than those explicitly outlined and understood by the data subjects when collecting the information in the first instance

In short – all of your data should have a purpose. And, it should never be used for anything other than that purpose.

Storage Limitation

Storage limitation is potentially the least defined and most ambiguous principle and concept. Essentially, storage limitation asks organisations to ‘not hold personal information for longer than is absolutely necessary and outside the purposes for which it was initially collected.’

Essentially – storage limitation refers to limiting how much data is stored. There is no time period that is specifically outlined as ‘longer than is absolutely necessary’, as it comes down to a legitimate business need. This is to be decided by your business, and expressed to any third-party that you subsequently engage.


Following each of these principles – there are a few elements of the GDPR that will affect your recruitment…

Key Elements that will affect Recruitment

First and foremost – the rights for individuals/data subjects under the GDPR. Individuals have every right to subject access (i.e. requesting to see all of the information you have on them as an identifiable individual); to have inaccuracies corrected, to comply with the accuracy principle, and; the right to erasure, whereby they must be deleted. Not archived or cached – they must be irretrievably removed from your database.

Secondly – your privacy policies will need to be updated, and kept up-to-date, to incorporate the new things you need to tell your candidates. These will include, but not be limited to, their right to erasure, and your legal basis for processing their data. It’s also not enough to just update your policy and leave it on your website – you need to evidence your candidates’ receipt of the privacy policy.


Given all of the above – our internal Data Protection Officers have pulled together a few top tips to help you understand what you need to do now:

So, what do I do now? Our Experts’ Top Tips

  • Be proactive – don’t wait, plan and act

The worst thing you could do is wait for GDPR to arrive before you even think about how it will affect you and, therefore, what you need to do to achieve compliance. Take control of your compliance – be accountable, and mitigate your risks.

But, don’t try and take everything on at once – get the easier bits done first. If you wait until you have no choice but to focus on GDPR – mistakes will be made, and wires will be unnecessarily crossed.

Plan what you’re going to do, and make sure you stick to it. Give yourself as much time as possible to achieve compliance, because it’s not just about doing it – it’s making sure your workforce understand how to do it, too.

  • Don’t just focus on the GDPR – look at the bigger privacy picture

The GDPR is part of a much bigger privacy initiative – focusing solely on compliance could mean you fall foul of the current Data Protection Act, which you certainly don’t want to do.

Familiarise yourself with the DPA, GDPR, and the ePrivacy Regulations which are slated to come into play during 2019. Once you understand all of these – incorporate them into your plan and see yourself with a more rounded picture of what privacy compliance truly looks like.

  • Clearly decide and document your basis for legal processing

This is important – your legal basis for processing comes into play in more than just the high-level compliance. It also comes into play with informing your current database of privacy policy updates.

In total – there are currently 6 legal bases for processing personal data. Most lawful bases require that processing is ‘necessary’, according to the ICO. However, if you can reasonably achieve the same purpose without the processing – you haven’t got a lawful basis. These 6 lawful bases are as follows:

  • Consent
  • Contract
  • Legal Obligation
  • Vital Interests
  • Public Task
  • Legitimate Interests

Document your legal basis for processing, and justify it.

  • Review your current candidate database

As a recruiter – you will have a tonne of data. Most of which, in all fairness, you probably won’t need. As a means of reviewing your current candidate database, you should look to dispose of the following three categories, which will probably constitute 30-50% of your data:

  • Redundant Data – remove all duplicate contacts and candidate information, because it isn’t necessary;
  • Obsolete Data – all ‘old’ records should be removed, because you no longer need them and, under GDPR, you cannot keep data because you think you ‘might need it at some point’;
  • Traded Data – any data that you have mined, found or purchased from elsewhere, because it definitely won’t be legal to process under GDPR.

Realistically, getting rid of data isn’t as bad as it seems anyway. Less data means your IT costs are automatically lower, and you have more control and reduced risk. What more could you want?

  • Train your team in Privacy & Security

To make GDPR truly work for your company – it needs to be instilled as part of your culture. It’s more than just a bunch of hoops that you need to jump through – for longevity, you need it to be adopted by everyone. Make privacy and security key cultural aspects of your organisation.

It’s as simple as appointing someone in charge of GDPR compliance – and getting them to run workshops, training, coaching and mentoring sessions with your employees. Once this training has been completed – it also needs to be repeated regularly, to keep everyone on their toes and reduce the likelihood of an issue.

  • Review your supplier contracts and ensure third-party compliance

If the data is yours – you are the data controller. Regardless of whether it is processed elsewhere or looked after by a third-party – you are responsible, and liable for any fines or breaches of data security.

In that vein – who are you sharing your data with?

Review third-party capabilities, and conduct a Privacy Impact Assessment (PIA) if necessary. Are they sub-contracting to anyone else? If so, the sub-contracts also need to comply, and you are liable for them if anything goes wrong.

Once you understand the extent of the data you’ve been sharing – issue new contracts in line with the GDPR, and clearly define responsibilities, obligations and liabilities.

However, as a rule of thumb – you should always try and reduce the amount of data you share with external partners.

  • Dedicate time, energy, resource & look externally for unbiased help

There are few, possibly even no, quick fixes to GDPR compliance – which comes back to my previous point of being proactive, and starting now. Dedicate time and resources to ensuring compliance – invest in it.

Take time to understand how the GDPR affects the whole organisation – where are the cross-functional dependencies?

Also, you should never be afraid to ask for help or advice. If you’re not competent in GDPR – ask someone who is. Find someone competent in strategic planning and problem-solving, who preferably understands recruitment, and ask them to take a look at your processes and build you a plan.

  • Evidence absolutely everything you do

Right from the get-go – document everything you do that’s related to GDPR.

Show how you work things out, dictate the reasoning behind your plan and outline exactly why you chose to do what you’re doing. Evidence-based accountability goes a long way towards proving compliant efforts to the ICO – evidence provides you with some level of leniency.

The ICO understand that the GDPR is a massive change, and definitely more convoluted than it needs to be. As such – they’re prepared to give ‘the benefit of the doubt’. To some extent, anyway. If you do something wrong, but have evidence of a Risk Gap Analysis and Mitigation Plan – what would be a fine may result in a good telling off and an audit, with the view to advise you as opposed to penalise you.


In conclusion – the upcoming GDPR isn’t something to be taken lightly.

However, at the same time – it’s nothing to be afraid of. Invest time in understanding how it works for you, and plan out exactly what you need to do. Make GDPR compliance ‘business as usual’, and you won’t encounter any problems.


Do you want to learn more about GDPR compliance in recruitment? During March 2018, our Data Protection officers are holding interactive seminars in Solihull and London. If you’d like to come along – save your space, here.