Using recruitment software to reduce your GDPR risk

GDPR is the buzzword on everyone’s lips at the moment – what is it, and more importantly, how will it affect your business?

Whilst the laws seem fairly fuzzy at the moment, it is likely that they will become clearer once implemented, so keep a keen eye on the business news after 25th May 2018.

Until then, we know that the aim of the legislation is to bring the UK into the modern world in which its data is being used. Whilst the new data laws will give individuals more control over how their personal data is being used, they will affect businesses nationally – and their HR and L&D teams.

GDPR covers and protects personal and sensitive data – much of which is handled during recruiting, talent management and employee affairs.


Article 5 of GDPR requires that:

  1. Information should be processed lawfully, fairly and transparently in relation to individuals
  2. Information should only be collected for specified, explicit and legitimate purposes
  3. Information is adequate, relevant and limited to what is necessary
  4. Information is accurate and up-to-date
  5. Information that permits identification of data subjects should not be kept longer than necessary
  6. Information must be processed in a manner that ensures appropriate security of the personal data



The consequences are hard and clear.

Any data breach that poses a risk to the rights and freedoms of individuals must be reported within 72 hours; failure to do so could result in a penalty of up to 2% of your annual worldwide revenue or €10 million – whichever is the highest amount.

However, fines could be even higher if you disregard the basic principles for processing data, for example if:

  • You fail to gain consent from candidates or employees to process their data; or,
  • You do not provide candidates or employees with the option to amend their data

The penalties for the above can be up to €20 million or 4% of your global annual turnover – whichever is greatest!


By following three simple steps, you can help safeguard your organisation by complying with GDPR rules:

  1. Map your data. Ensure that you know what data you store, where it has come from and how it is being processed. You will require explicit consent from every contact in order to process your data lists in your existing systems. You will also be required to maintain records of how you process information.
  2. Review your data policies. Your Privacy Policy will need to abide by the new GDPR regulations, so review this as soon as possible. This Privacy Policy will give candidates and employees more control over their personal data whilst highlighting your business’s data collection policy.
  3. Put procedures in place. Whilst you can protect yourself against a data breach, certain procedures need to be put in place. You will most likely need to update these procedures prior to the GDPR rulings coming into play.


Your HR and L&D systems should enable candidates and employees to log into their accounts to manage their own data. They should be able to update their information, make amendments and control notifications and alerts – or even opt out or deactivate their accounts.

This has the advantage of reducing administration for HR and L&D teams, whilst ensuring that candidates and employees feel confident in the accuracy of their data.

Software should also have options to control the length of time that data is retained in the system to allow you to delete data in line with your Privacy Policies. Batch purging will help your administrative team facilitate the process of removing inactive candidate accounts on our system and update data to ensure compliance.

To further ensure compliance, safeguard your data by ensuring that only those who have a specific need to access data are able to view it. With varying permission levels, potential compliance issues can be reduced.

Finally – gain explicit consent from candidates and employees with your software. Your GDPR Privacy Policy should be easily accessible and the software should request that individuals manually tick a box to explicitly provide consent for their data to be processed by your software and controlled by you.

Watch out for our GDPR eBook being released next week: with an entire guide on how to safeguard your recruitment strategy, we are sure that you will find this a valuable resource!

We are proud to have now released our eBook ready for download at your convenience.

Good luck with the incoming GDPR rules – whilst this is not intended as legal advice, it should aid your understanding of the basics of GDPR and of how HR and L&D software can help to ensure compliance whilst reducing administration.
