
A Comprehensive Guide To GDPR in Recruitment

Data privacy has become a prime concern for both consumers and organizations. Data privacy and security have become a hot topic as a growing number of people entrust their personal information to web-based platforms or cloud services. At the same time, data breaches are a common occurrence.


The GDPR is considered the toughest privacy and security law in the world, and it applies to any organization, anywhere in the world, that intends to collect data from people in the EU. Organizations that violate the law are likely to pay heavy fines.


Now, the question is how GDPR is relevant to recruitment. If you're a recruiter, it’s your prime responsibility to handle the private data of your candidates with great care and consideration. 


Since GDPR is a key aspect of how you obtain or use your candidates’ personal data, it’s important to learn about this new law. In this post, we’re going to explain GDPR, what it means in recruitment, and how you can ensure GDPR compliance.

What is GDPR?


Whether you’re a hiring agency or a job seeker, your data is crucial and must be protected. Considering the importance of data privacy in today’s digital world, the European Union came up with several data privacy and security laws in 2018 and named them GDPR or General Data Protection Regulation.


If you’re an entrepreneur, business leader, or recruiter, you probably have come across the term GDPR over the last few months. Enforced by the European Union, GDPR has an impact on organizations across the globe. 


For example, if you own a business in Australia but your web presence involves collecting data from the EU over the internet, GDPR applies to your business. Likewise, if you’re a US-based company that also caters to an EU audience, you’re likely to be affected by the new law. 


The regulation itself is large, far-reaching, and fairly light on specifics, making GDPR compliance a daunting prospect, particularly for small and medium-sized enterprises (SMEs).

GDPR and the recruitment industry 


Recruitment agencies and employers need to be GDPR compliant as their job may involve collecting and storing candidates’ data. A failure to meet GDPR standards could lead to a bad company reputation and heavy fines. 


When it comes to recruiting, there are two key steps during which a candidate usually shares their information: application form submission and processing. This new le


Here are some quick highlights of how GDPR impacts your recruiting efforts: 

  • Rights of your candidates/applicants under GDPR 


As a recruiter, you have legitimate interests to collect and process candidate data. However, GDPR requires you to respect the following rights of your applicants:

  • Candidates have the right to access or request their information in electronic format.

  • You must update or rectify candidate data in your database after a candidate tells you about incorrect or incomplete info.

  • You have to delete candidate data if you have obtained candidate data without their consent, or if a candidate decides to withdraw their application or doesn't want their application to be processed. 


The key point here is the consent of candidates on how they want recruiters to access and process their sensitive data. As a hiring manager, you need candidate consent when you need to process cultural, personal, or genetic information. When asking for consent, be sure to communicate your message in a clear and intelligible way. 

  • Need for a clear privacy policy 


One of the objectives of GDPR is to encourage organizations to be transparent about processing consumer or candidate data. As a recruiter, you must have comprehensive recruitment privacy policies and then make them available to your candidates and employees. Also, it’s important to inform your candidate about the applicant tracking system (ATS) where you store all their data for recruitment purposes. 


Compliance with Applicant Tracking Systems (ATS)


The ATS you use for hiring processes does matter when it comes to GDPR. Any tool you use to process candidate data must be GDPR compliant. Not sure what it really means? Here is what you need to do when selecting an ATS for recruitment: 

  • Implement an ATS that puts heavy emphasis on data security and transparency. 

  • Store your candidate data in one place so that you can easily modify information. 

  • Choose a smart ATS that automates the process of obtaining and storing candidate consent. 

  • Make sure your hiring manager and other HR staff have a secure and compliant platform to review and process CVs. 

  • Mention data processing and recruitment policies on your application forms. 

  • Ask for consent at every step of the hiring process where you need to process candidate data. 

  • Don’t retain candidate data for too long for no reason. Once you’re done with hiring for a position and you no longer need the supplementary info, delete it from your system. 

AI-based, automated recruitment platforms are more reliable and secure than conventional ways of collecting, storing, or processing candidate information. It’s not practical for any progressive organization to use manual hiring methods and manual spreadsheets. 

Therefore, make sure to implement a GDPR-compliant ATS to ensure data privacy and protection. Implementing cloud tools can further reduce your chances of facing a security failure down the road. 


GDPR Compliance tips for recruitment agencies

Do you have a legal team that helps you formulate the terms and conditions and privacy policies of your company? If not, consult people who have expertise in GDPR. This will help you prepare a checklist of how to ensure GDPR compliance throughout your recruitment processes. 


When redesigning your hiring processes, double-check that you’re storing candidate data such as resumes in your database with candidate consent. Also, make sure to re-evaluate your contracts with third-party customers and vendors to meet GDPR requirements. 


Wiggli can solve your GDPR-related challenges once and for all 

Streamline your candidate database and the rest of your hiring processes with Wiggli, which is a GDPR-compliant talent management system. The ease of data management and smart automation capabilities of Wiggli will help you stay compliant while achieving your talent-hiring goals with ease and speed.