Um - in replying to all did not B&M also then breach GDPR?

No, because they were simply replying to an email chain that they were a participant of.

Clowns!  

I leave you for 5 minutes.......

They clearly have no regard for my firm as a client as now I have been able to see them openly headhunting out from us. Disgusting and clearly desperate simply mailshoting that many candidates, utter embarrassment how far they have fallen. 

Unbelievable Jeff, they've had an utter nightmare there Jeff, an utter nightmare; They'll not come back from that one Jeff!

The question is, is the BD manager still going to apply for the role? 

Keep us updated. 

It could be worse. I had to work at this place for a (short) time.

 https://www.rollonfriday.com/news-content/exclusive-legal-recruiters-fake-staff-reappear

Starting to feel a little offended that they didn't send an email to my work address. I suspect my firm will block the companies email address's now seems to be the word.

 Have you got any more of this, or do you want to stop at quacking plums?

That is hilarious. Another awful legal recruitment agency showing themselves up once again! The fact they are messaging a large amount of people's work email addresses just shows how desperate they are. It is completely unprofessional and certainly isn't personal at all using blanket emails. 

Looks to me like the agency should be looking at their approach more than the individual itself. 

Doh!

"They clearly have no regard for my firm as a client as now I have been able to see them openly headhunting out from us."

Mate, so are the rest of the recruiters you're using.  (Well maybe not quite as openly as this, but...)

Clearly a partridge amongst the pigeons in that organisation

As awful as this agency actually is, they have some incredible hotties as staff... [redacted] *drools*

Independent to the disastrous breach of GDPR which in itself could lead to the downfall of any agency, I think the significance of an agency willingly disrespecting their own clients by headhunting out of them and sending emails to work addresses highlights this agency's lack of morals and company care.  The breach was clearly an error, and the agency will receive the relevant financial penalty but the intent of client and candidate disrespect was premeditated and deliberate. Being employers and HR professionals we have to ask the question who would use this agency again, either as a client or candidate if we can not trust we will receive discretion or honesty, the answer is clearly WE CAN'T!

Almost exclusively, as I recall, Ryder Reid business was from US law firms based in London (10+ yrs ago). You could see the recruiter's eyes glaze over when I informed them that I did not have previous paralegal experience working for US law firms. Never got a call back. On the plus side, they provided me with a confirmation letter stating I was registered with them straight after the interview - helped me pass the necessary ID checks to enable me to rent a property. Not all bad ... :-)

So many questions. From what you can see there are personal e-mails which I'm guessing prospective candidates disclosed? So maybe the firm e-mail addresses were also disclosed by the job-seeking employees - do they deserve the blame rather than RR? Or was this a LinkedIn cull-and-paste job? I thought one of the exceptions to a cold approach under GDPR was "legitimate business interest"? On the flip side, agree that disclosing PII is always going to be a bad thing.

The major questions: Are these failures significant enough for firms to think twice about instructing them? Or will this blow over like the massive data breaches we have seen in other sectors over the past few months? 

Gosh...the poor girl who wrote the email...has anyone given any thought to how she is feeling, awful I bet. It could have happened to anyone.

As for condemning the agency, I get that it is a mistake and ultimately their responsibility but unless they sit with everyone and watch what they are doing, human mistakes can happen.

I don't know their processes so don't know if it could have been avoided but having worked with them in the past as a client and candidate, I've always found them to be professional and friendly. From the article it seems they have also handled it well by speaking to the ICO for advice.

"They clearly have no regard for my firm as a client as now I have been able to see them openly headhunting out from us"

Do you imagine them to be under a duty to refrain from headhunting from firms that hire them?

How would their business work if they followed that principle?

Assuming she copied all, I think the Baker McKenzie response was considerably more cringe worthy than the original. To everyone out there determined to cc in witnesses and bystanders as you sternly dispense what may seem to you to be Solomonaic judgement by email - chances are you are being a pompous ass.

Best bit was that the subject line was 'Private'

Dear "Anon 26 October 19 12:14" / RR Crisis management attempt

1 No one said it was a girl

2 Policy, process + training = De rigeur for any job (and pls don't claim its because she was a new hire - in which case supervisor has to carry the can)

3 "Speaking to the ICO" - Is that all? Really poor and too late. Insert other lame excuse "The person involved is undergoing training"

I feel for SMEs chafing under the burden of the 1998 Act, magnified by the GDPR principles added in 2018. However, recruiters deal with PII day in, day out and have to tick all the boxes when signing up to work for the big boys. Not good enough, sorry.

Those who can't, recruit.

That Baker's comment was a bit rough.