GDPR for recruitment

The General Data Protection Regulation (GDPR) comes into effect this May. With some of the headlines surrounding the new legislation, you could be forgiven for believing it’s an insurmountable challenge. However, with the right tools at hand, in-house recruiters will be able to take the GDPR in their stride.

Having the right technology in place will be of particular support when preparing your organisation and data practices. How? Our In-house Recruitment Technology Conference partners at Hireserve share 10 ways in which technology can save you from non-compliance risks.

1. Automating your data retention processes

You will have new responsibilities surrounding building and maintaining talent pools under the GDPR. This will mean keeping track of what candidate data you store, how long you’re storing it for, and being able to archive or erase it after your determined retention period.

With an ATS or CRM, you should be able to automate these processes. This means being able to easily track the information you have and how long you’ve had it, as well as being able to set up an automatic archiving function, to ensure you don’t exceed your data retention period.

2. Displaying your privacy policies on your careers pages

The new legislation requires your privacy policy to be clear and easily accessible.

Including a link to a privacy policy next to your application forms, as well as in a clearly visible position throughout the rest of the application process, is a great way of ensuring your candidates can quickly and easily access it.

3. Responding to and managing candidate requests

The GDPR introduces new candidate rights, including the ‘right to rectification’. This means if a candidate asks you to correct or update their personal data, you must do so within one month.

Having the right processes in place to allow candidates to request a change to their data (or to request you delete their data), is vital under the new legislation. One way you can manage candidate requests is to ensure your candidate portals display a link to an email address that you check regularly, for example.

4. Actioning candidate requests

Once you’ve received a request from a candidate regarding their personal data, you need to be able to action that request within one month.

Storing your data in an online database should allow you to search for information quickly, and then be able to amend or permanently erase it with ease.

5. Communication with your talent pipeline

Ahead of the GDPR, you need to ensure the candidates in your database are aware of, and have consented to, their details being stored in your system. This means you’ll need to contact every candidate to ask if they consent to their details being held, and for what length of time.

Utilising a system that can automate these communications, like an ATS, will significantly cut down your time spent on creating and sending them, as well as receiving and sorting through any replies.

6. Data security

You can also encrypt messages sent via your ATS, which will enable you to add an extra layer of security to your outgoing communications.

This becomes particularly important if you need to send a candidate’s data to a colleague.

7. Tracking communications

Your ATS’ communication tools can help you accurately record interactions with candidates, for example when and how you contacted them, and when (or if) they responded.

This is essential if you ever need to undergo a data audit.

8. Auditing other data trails

Using an ATS or CRM will also enable you to track when and why you’re collecting a candidate’s data.

For example, you must be able to prove when and how you actioned candidate requests, or if you obtained consent, if required to.

9. Instant access to accurate data when you need it

With an online recruitment system, you should be able to quickly recall these details when needed, and trust them to be accurate.

You should then be able to build reports and export that exact data at the point you’re asked for it.

10. Reducing human error

Storing your data in a secure online database, like an ATS, also simply reduces the risk of a data breach caused by human error.

This covers anything from accidentally leaving an applicant’s file on a train, to a colleague glimpsing confidential papers left on your desk.

With the right technology, we believe the GDPR is a great opportunity for your organisation to refresh its data protection processes and data security. To find out more about how an ATS could help you prepare for the upcoming legislation, and for other helpful resources, visit


Leave a reply

Your email address will not be published. Required fields are marked *


©2019 In-house Recruitment | GDPR Guide | GDPR Policy | Privacy Policy | Terms and Conditions

Log in with your credentials


Forgot your details?