GDPR for Recruiting
What is GDPR?
GDPR, the General Data Protection Regulation, is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). GDPR applies in all EU member states.
What is GDPR for recruitment?
Within recruitment, GDPR refers to how an agency or organisation collects, processes, stores, and handles the personal data of those applying for roles, any employees and anyone else involved in the hiring process. Recruitment agencies must follow rules when collecting data from candidates to ensure that they remain GDPR compliant.
GDPR Terminology for Recruiters
Personal Data
Personal data refers to any information that relates to a person that can identify them. For example, names, contact details, identification numbers (NI numbers for example), online identifiers, as well as anything else that could be used to correctly identify another person.
Data Subjects
A data subject is the person that the personal data referred to above is about.
Data Controller/Data Protection Officer
Data controllers control the data. These could be recruitment agencies or employers that store candidate data and determine its purpose and how those in recruitment process it.
Companies that process large amounts of personal data are required to have a data protection officer. Their role is to ensure that the company is GDPR compliant and to act as a point of contact between the company and the supervisory authority.
The supervisory authority is the larger independent authority responsible for the monitoring and application of GDPR. It has the authority to conduct a data audit, ask for further information, issue warnings and ensure GDPR compliance.
Data Processor/Processing
A data processor is the person or recruitment software provider (such as an applicant tracking system) that processes personal data. Recruiters in a recruitment agency are the data processors when processing candidate data for clients. Data processing refers to any action or set of actions performed on candidate data, such as:
Collection
Recording
Organising
Storing
Use
Disclosure
Erasure
Destruction
Consent
Candidate consent is one of the key aspects of GDPR for recruitment agencies. Explicit consent must be given by the candidate prior to any data processing for job application forms and a background check. This consent must be freely given, specific, informed, and unambiguous, and must take place before you collect candidate data.
Right to Access
When a candidate requests access to their data, they must be given it. Data subjects have the explicit right to obtain information about the requested data from the data controller to determine whether or not data about them is being processed. Candidate access allows them to determine what personal data is being processed and how an agency will process candidate data.
Candidates are also entitled to data portability. This is a right that allows people to obtain and reuse their personal data for their own purposes across different services.
Right to Rectification
The data subject has the right to request that inaccurate or incomplete personal data is rectified.
Right to Erasure (Right to be Forgotten)
A data subject has the right to request the deletion or removal of personal data when there is no reason for their personal data to continue to be processed.
Data Protection Impact Assessment (DPIA)
The DPIA is a process to assess and mitigate the risks of data processing, especially where it is connected to high risks to an individual’s privacy rights, in order to avoid a data breach.
How does Eclipse Recruitment Software help ensure GDPR compliance?
Eclipse recruitment software has been tailored to support GDPR compliance. The software is fitted with access controls to ensure that data security is prioritised and aligns with GDPR regulations.
The Eclipse Core Pro specifically has advanced capabilities when it comes to secure data transfers. This makes it ideal for larger recruitment agencies that need comprehensive GDPR solutions. The software empowers users to manage candidate data responsibly and mitigates the risks associated with data processing.