How GDPR will affect your recruitment website?

For those of us who work in the world of recruitment and talent acquisition, there’s no doubt that we’ve read the many doom and gloom articles regarding the European Union’s General Data Protection Regulation (GDPR) changes and the impact it will bring to recruitment. The new GDPR will impact on the way we all collect, process, track and store candidate data and one thing is for sure, it will be the greatest shake-up in the history of online data privacy regulations. However, although the changes will grant job seekers and candidates unprecedented rights, successful recruiters who excel in GDPR will be able to reap the rewards of empowering candidates and leverage the changes to build better and more productive relationships, whilst increasing the candidate experience to a new level.

The basics

Let’s start by looking at the basics: whilst the GDPR is indeed a complicated piece of legislation with its 88 page legal document and numerous articles and clauses; it simply is all about personal data.
GDPR was designed as a replacement for the current Data Protection Directive 95/46/EC and will be introduced on 25 th May 2018. Although an EU legislation it looks unlikely to be affected by Brexit. Designed to protect European citizens’ personal data through tighter regulations, it is mandatory for all organisations, even non EU based, that process the personal data of EU residents across the globe. In simple terms, it will be unlawful to use an EU citizen’s personal data without their explicit consent.

What is personal data?

The European Commission has said: “Personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address.”
So it really does cover everything and under the new laws candidates must give consent for their personal data to be collected and used, it needs to be completely clear to how the data will be used and candidates can ask for their data to be removed at any time. Additionally, an organisation is responsible for the safekeeping, security and access to any third parties of the data.
Non compliance can result in harsh penalties with fines up to €20 million or 4% of the companies global turnover (whichever is greater).

The impacts on your recruitment website

In today’s recruitment market, your recruitment website should utilise the processing, analysing and management of candidate data to be strategic in attracting finest talent. The new rules, if implemented properly, will not prevent you from utilising personal data to learn all you need about candidates. However, consent will be one of the fundamental requirements and obtaining consent will be compulsory for every single usage of personal data. Pre-ticked checkboxes and reams of pages of terms and conditions will not be appropriate. Every candidate will have to actively give explicit consent through easily accessible and intelligible forms, which clearly contain the purpose of and how you will use the candidate’s data. You will also need to be clear on how the data will be stored and remains secure. It will also be essential to allow the candidate to access and review their data at any time, with the option to ask for updates.
The ‘right to be forgotten or right to erasure’ is another key element of the legislation, so there will need to be an option which allows the candidate to request that their data be erased, when the original recruitment process is completed. This new addition to the legislation will impact on any Applicant Tracking System (ATS) utilised, as candidates will be able to apply for a role, be rejected and then request under their ‘right to be forgotten’ for their details to be erased. This will prevent the data from the ATS from being used again if they apply for another role or at another location. It will also be necessary if a ‘request to remove’ is received to remove all data from ATS sourcing tools such as LinkedIn.
Indeed, the candidate experience will become paramount with every step in the compliance process, ensuring the candidate remains the focal point. When consent is actively given you will still be able to utilise the data your recruitment website offers to send emails from mailing lists, for example. Whilst these new requirements are tough, compliance will help build trust and loyalty from your candidate pool. The new requirements of ‘data portability’ where a candidate’s data must be provided to them in a portable format, allowing them to transfer their data easily to you, could even offer the opportunity to streamline your recruitment processes or at the very least you can have the data history from candidates at the beginning, allowing your relationship with them to hit the ground running.
Preparations for the GDPR will require your recruitment website to be audited to ensure compliance, and although it will put a strain on time and budget, it will ensure your recruitment website is more agile and future proof. Any audit will provide an opportunity to offer new services and solutions that benefit not only you but the candidate. You can empower your candidates by showing them that they truly have ownership of their personal data. Each step you take to be compliant, including all the improvements you make to the security of personal data, helps you build trust with your candidates. Communicating your compliance enables you to emphasise your trustworthiness, and as we know, reliability is the basis of all lasting recruitment relationships. By implementing GDPR, your candidate experience may climb higher than ever before.
What is truly clear about how GDPR will affect your recruitment website is how it will make your site the key to making the whole process of recruitment work for your organisation.
The most significant change GDPR will bring is the need for a paper trail regarding your data management and your recruitment website can be the solution to this. Having a centralised system that handles all of your candidate data is imperative under GDPR. It will be more challenging to ensure compliance to the upcoming regulations if your data is being stored in multiple applications such as Excel, Word, Outlook and/or a recruitment CRM. By handling your data collection process in one place, you can monitor how data is being collected, stored and used without ambiguity.


For further information on GDPR visit:

Posted in