You may have heard of the General Data Protection Regulation (GDPR) which came into effect in late May.  Broadly, it’s a European Union (EU) regulation that covers how organisations can collect and store information on EU citizens. Individuals have the right to inspect that information and request that it be modified or deleted. Over here in Southeast Asia, some might say, “yes, but it doesn’t affect us”.  Well, it could, and we all need to consider it as there are significant penalties for non-compliance.

Naturally there is much comment in the EU about GDPR. To an extent we’re lucky, here in Asia, as we can watch how the Europeans comply, and then adapt.  But most international companies (including us) have already started working on it. If you have an account with an EU financial institution, you may have received an email asking for your permission to hold your information.  It might come soon – everyone has to be asked individually. There must be a good reason to hold your information, they can’t store data that serves no purpose.  Another requirement is that it must be as easy to say no as to say yes: no more long forms filled with scary legal language (that none of us really reads or understands anyway).

So you see, this is really a big deal.  If you’re reading this online, here are two useful websites: and  Start there. From our point of view, GDPR gives us an opportunity to clean house, improving our database to make sure it complies. And then we can use it as a marketing tool. We will show our more thoughtful clients we know how to treat private information (we have a lot – your resume and much more).  Many of our clients are multinationals, also struggling with GDPR compliance; and we anticipate sharing our experience with them will improve our relationships.  Candidates will be more confident using our services (which are free anyway) as they know we treat their information with respect. We don’t send out resumes to clients without candidates’ approval. Some recruiters do, which might, in the future, get them into trouble.

It has been two years since the EU sought to update its 1995 privacy directive; this is what we have now.  And it’s big, with lots of heat and smoke being generated in the search for compliance. It reminds me somewhat of the Y2K fuss. And Sarbanes-Oxley in 2002; controversial at the time, but it helped a lot of organisations resolve potential conflicts of interest. Maybe GDPR will be like those two.  The good news is that because of where we are in the world, we can pause to see how the Europeans deal with it, and then follow the best approach, avoiding their mistakes.

Gary Woollacott is an executive search consultant who works for Horton International in Vietnam, Thailand and Laos. He can be reached at

+84 8 3910 7682 or via