Keep up to date /
Protecting candidate data during and after recruitment
Posted in Employers on Jun 19, 2018 by Keeley Edge
We’re sure, like us, you’ve been overloaded with emails, advice and information about GDPR. You’re probably fed up of hearing about it; we are.
Unfortunately, it’s not something that can be easily ignored if you want to avoid the risk of fines.
The main aim of GDPR is to protect personal data and the key thing for businesses is transparency. Individuals need to know what data you are collecting, how you are using it and that you are taking adequate steps to keep it secure.
Many businesses have focussed their GDPR efforts on the marketing side of their business, but recruitment comes with its own GDPR implications. If you’re recruiting, you need to be aware of the pitfalls when it comes to sourcing, protecting and using candidate data.
When you advertise a job and have CVs sent to you, it’s easy to assume that the candidate is consenting to you holding their data and contacting them. Whilst a candidate is probably expecting contact if they have applied for a job, they aren’t necessarily consenting to you adding their details to a database or storing their CV online or printing out hard copies and sharing with the team.
A system that records the time and date that consent is given is the best way to cover yourself. You should also make it clear to the candidate how they can opt out and request that you delete their data.
Storing applicant data
You should have a clear policy for how long you will retain data. If you receive a CV but decide not to take a candidate through to interview stage, do you need to keep their details? If you are inviting a candidate to interview, will you retain their data after the recruitment process ends?
If you decide to keep unsuccessful candidates on file after the position has been filled, you need their consent to do this. It should be clear how long you intend on keeping their details and what details you will store. For example, if you run a graduate scheme each year, you may want to keep a summary of a candidate’s skills and their contact details until the next recruitment cycle.
Candidates have the right to request to see any notes you made during the interview, so you will need a policy for how you will store these. If you are typing these up or uploading them to a system, then you need to ensure that it is secure and that you only retain these for as long as is reasonable to do so.
Any comments in the notes that could be viewed as discriminatory can cause big problems for companies. A structured scoring system with minimal notes can be a good option.
When offering a position to a candidate it is common practice to obtain references from previous employers. The former employer should not give any personal information about the candidate without their consent. You will find it easier to get references if you can prove the candidate has consented to you obtaining this information.
You should be as explicit as possible in what the consent covers. Is the new employee giving consent for the previous employer to disclose absence records, details of their role, comments around specific areas of their performance? Alternatively, are they consenting only to the previous employer confirming the dates they worked for them and the position they held?
Working with recruitment specialists
If you don’t recruit regularly or you don’t have a dedicated recruitment department, it is beneficial to work with a recruitment company. It is imperative that you only work with recruiters who meet GDPR requirements. The recruiter will be the ‘processor’ and will have very strict obligations. If they have taken the appropriate measures to meet their obligations, then it can mean less pressure on you, as their CV databases should all be protected and compliant.
There will still be requirements for you to ensure data is processed securely and within the parameters of the consent given. However, a recruitment specialist that is adhering to GDPR will be able to give you guidance on this.
Working with Key Appointments
At Key Appointments, we have gone to great lengths to ensure that we are protecting ourselves, our candidates and our clients when it comes to GDPR. We have clear policies and secure systems surrounding CV collection, obtaining consent and processing data.
You can be confident that when you work with us, we are taking all necessary precautions to protect you and the candidates.
If you would like to know more about how we are managing GDPR and how we can help you remain compliant during your recruitment process, then we’d love to chat.
Contact our friendly consultants to discuss any of your recruitment needs.
- Team Administrator - Sherburn in Elmet £9.00 per hour. Read more...
- Bookkeeper / Accounts Manager - Shipley, Bradford £25k-£30k per annum, dependent on experience. Read more...
- Internal Sales Manager - Batley, West Yorkshire £25,000-£30,000 per annum dependent on experience + bonus. Read more...
- Vetting Administrator - Leeds, West Yorkshire £17,000-£18,000 per annum. Read more...
Receive all our latest news and updates
Latest from the blog
19th March 2019
The real reason you’re losing staff
It’s easy to think employees leave simply because... Read more
13th February 2019
How to conduct a role and skills audit
A role audit helps you understand whether you are... Read more
16th January 2019
How to retain or replace great employees
‘New year, new me,’ often leads to people evaluati... Read more