
GDPR in Recruitment: DON’T do this

Every business in the EU has to comply with the GDPR. That includes recruiters, and noncompliance can cost a business as much as 4% of its annual global turnover.

September 29, 2020
Yuma Heymans
September 7, 2022

The General Data Protection Regulation (GDPR) is a regulation of EU law on data protection and privacy in the European Union.

The GDPR was designed to harmonise data privacy law across EU member states and aims to protect the privacy rights of individuals by setting rules for how businesses and organisations may process their personal data.

As a result, many recruiters wonder what data they can still use and under what circumstances.

The good news is that a lot of personal data can still be used for recruitment purposes.

But how you use the data is key to becoming and staying compliant and to avoiding fines that can go up to 4% of the company's annual global turnover.

Since you rely on personal data as a recruiter, this post sets out what not to do, and what to do instead, to be and stay GDPR compliant.

Who must comply with GDPR?

Anyone established in the EU who processes personal data must comply with the GDPR. Organisations outside the EU must comply too when they process the data of people in the EU in connection with offering them goods or services or monitoring their behaviour, so a recruiter abroad who sources EU candidates is also in scope.

What is personal data?

In simple terms, personal data is any information related to an individual.

The official definition of personal data is “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

What happens if you don’t comply?

Then your company risks fines of up to 4% of its annual global turnover or €20 million, whichever is higher. A lower tier of up to 2% or €10 million applies to less serious infringements, such as failing to keep proper processing records or to contract properly with a processor.

What NOT to do

❌ Do NOT use candidate data for purposes other than recruitment. For example, don’t use candidate information for marketing or commercial uses unless they have given consent for these other purposes.

✔️ Always know why you are processing data and limit its use to that particular purpose. If you need the data for another purpose, ask the candidate for consent first.

❌ Do NOT use more data than you need for your purpose. Avoid collecting data on candidates at scale if you don’t need it in the process.

✔️ Minimise your data collection to what is needed for decision making and for contacting the candidate, and do not keep it longer than the recruitment process requires.

❌ Do NOT use old and inaccurate candidate data. You are required to use accurate data about the candidate.

✔️ Review the data that you are collecting and that you already have in your database based on quality, relevancy and how up to date the data is.

❌ Do NOT have hidden and unclear policies regarding how you process data. The GDPR requires you to be transparent about what data you use and how you use it and process it.

✔️ Explain and document your data processing practices. Answer candidates' questions and access requests about their data: the GDPR gives them the right to know what you hold about them, where it came from, and to have it corrected or erased.

❌ Do NOT do business with third-party data and solution providers that are not GDPR compliant. It is your responsibility as the controller to use only compliant partners and suppliers, and you remain accountable for noncompliance by third-party solutions that affect your practices.

✔️ Always assess new solutions for GDPR compliance before adopting them, and ask for evidence rather than assurances: where their data comes from, on what legal basis it was collected, and a data processing agreement covering the processing they do on your behalf. Re-evaluate your current suppliers on the same basis.

Can you make use of third party data and solutions?

Many data providers and sourcing tools on the market are not GDPR compliant. Many of them rely on private data sets that are not publicly available. The databases behind these primarily US-based sourcing tools are built on breached and leaked data; two well-known examples are the People Data Labs leak and the Facebook leak.

Some tools are GDPR compliant and make use of publicly available information that can be linked to a legitimate professional purpose.

HeroHunt.ai is an example of a GDPR compliant tool that finds the best tech candidates through platforms like LinkedIn, GitHub and Stack Overflow and only uses publicly available data for professional use.
