As a recruiter, your candidates’ personal data is typically your stock-in-trade. Data privacy has been a matter of concern for many government and regulatory agencies. As a result, from May 2018, the General Data Protection Regulation (GDPR.) was imposed by the European Union. Data protection is very important, even in the field of HR and recruiting. So, in this blog, we will walk you through GDPR And Recruitment: A complete guide for recruiters on how they can be compliant with GDPR norms.
Being a recruiter isn’t easy. Especially now, when we live in such unprecedented times. Digital technologies have spread rapidly and transformed the way we function. So, amidst such agile changes, data privacy has been a major concern for many regulatory authorities. As a recruiter, handling the private data of your candidates right from the moment they apply to onboard them, is solely your responsibility. So, to help you comply well with the GDPR norms here’s a complete guide.
GDPR And Recruitment: A Complete Guide For Recruiters
What Is GDPR And What Does It Mean For Recruiters?
The old Data Protection Act was drawn up before LinkedIn and Indeed existed. They were put together in the era when the internet was a novelty. So, clearly, there was a need for the data protection laws to catch up with the digitization of the recruitment world.
As a result, in May 2018, European Union imposed the General Data Protection Regulation. This law aimed towards protecting the EU residents’ personal data and rights to privacy. It gives individuals more control over how their private data is being collected and used online. This involves all the information right from the candidates’ contact information to salary expectation details.
From a recruiter’s point of view, they need to take every possible step, including technical safeguards like encryption, to ensure people’s data protection. If you’re a recruiter and collect data from candidates who are residents of Europe, the GDPR applies to you. So, GDPR puts immense pressure on you and your organization to comply with its different aspects.
Now that we’re familiar with the basic idea of what GDPR is, let’s move on to knowing a little more about it.
Basic Terms Of GDPR For Recruiters
Compared to previous data protection rules, GDPR focuses greatly on why data is collected, and the individual is aware of the reason. So, here are the basic terms of GDPR that you need to know as a recruiter.
Data Subjects
These are the candidates and employees who reside in Europe and who you collect data from. They are known as data subjects mainly because they are identified through the data that they provide to companies and organizations. For example, when a candidate applies for a position, their applications include data like their names, phone numbers, addresses, etc. The GDPR specifically aims at protecting this data.
Data Controllers
Data controllers are simply the people, companies, or organizations who collect data. In this case, if you’re a recruiter, you are the data controller. You collect data from your candidates or future employees for various purposes. That’s why recruiters and employers come under the category of data controllers. So, as a recruiter and employer, you are responsible for protecting your candidates’ data and use it lawfully.
Data Processors
Data processors are simply the software solutions like Applicant Tracking Systems and Recruiting Software that recruiters use during their entire hiring process to sort through candidate data. It involves all the tools that take in your candidates’ data and process them into reports and analytics on behalf of your company.
Key Aspects Of GDPR For Recruiters
For recruiters and employers, here’s how the GDPR affects your core operations.
Legitimate Interest To Process Candidate Data
The GDPR compels recruiters and employers to collect and process data only for specified and legitimate purposes. For instance, if you’re hiring a candidate for a role, you can collect information related to that specific role only.
Candidate Consent
Along with legitimate interest to process data, the GDPR also requires you to ask for the consent of your candidates while processing their data. You need to ask for consent for a wide spectrum of information like disability, culture, gender, ethnicity, or any other information gathered via a survey or during a background check.
Transparency For Data Collection
The GDPR obliges recruiters and employers to be very transparent and clear about their privacy policies. Also, the candidates should be well informed about the privacy policies. Apart from the disclosure of the privacy policy, you also need to disclose all the steps of your hiring process to your candidates. Transparency is one of the key aspects of GDPR and recruiters need to comply with it.
Accountability And Responsibility
This is probably the most important aspect that GDPR affects in recruiting. As a recruiter or employer, you need to assume responsibility towards the compliance of GDPR. You and your organization are entirely accountable for who you do business with. Be it an ATS company or recruiting software, each stakeholder involved in your recruiting process should comply with the GDPR.