Recruiting in the Age of Data Privacy Laws

The past few years have ushered in many positive changes regarding online privacy and security. Multiple countries have passed new laws to protect their citizens’ data online. The aim remains to give people control over how organizations can use their personal information. Thus, these laws create guidelines for those same organizations to be respectful towards their clients, users, and web visitors.

But here’s the deal. While regulations like GDPR represent a wonderful framework for making the internet safer, they also come with a drawback: they can make it difficult for businesses to do their jobs well. So, if you’re a recruiter, here are three key things you need to know about recruiting in the age of GDPR.

You need candidate consent to handle personally identifiable information (PII)

The most important thing you must remember about recruiting in the age of GDPR is that you need candidates’ consent when handling their PII. To ensure you’re in compliance with the law, you must ask for that consent clearly and transparently, and you are required to dispose of any candidate data should they request deletion.

Create an informative recruitment privacy policy

To be compliant with GDPR and transparent with candidates, you will need to create a privacy policy that explains how you, as a recruiter or recruitment company, plan on collecting, processing, and protecting candidate PII. This policy needs to provide candidates with the following information:

• What data will you collect, and why do you need it?
• What purposes are you collecting data for? (Make it clear that it’s for recruitment purposes.)
• How long will you store the data?
• How can candidates withdraw their consent or request access/deletion of their data, and who can they contact to do so?
• Disclose any recipients of candidate data (in case you’re a recruiter or agency hiring on behalf of a client.

This is probably the toughest part of being GDPR-compliant during the recruitment process, which is why many businesses opt to use online legal policy generators like TermsFeed.

For small companies, these are an excellent option as they’re cost-effective and do a solid job of protecting your business. However, keep in mind that if you run a large recruitment business or want to be 100% sure your organization is protected, there’s nothing better that you can do to guarantee peace of mind than to hire an experienced legal advisor.

Don’t collect data you don’t need

One common mistake businesses make when it comes to remaining GDPR-compliant is that they collect more data than they objectively need. The problem is that this unnecessarily opens them up to risk and requires them to handle and protect the information they have no use for.

With this in mind, if you’re recruiting candidates, make sure you:

1. Only collect information that’s relevant to the recruitment process.
2. Don’t hold onto data once the recruitment process is finished.

If you find that you want to retain a candidate’s information after the period set out in your privacy policy, you will need to get their consent to continue using their data in the future. If you choose to do this, make sure you explain why you wish to keep a specific candidate in your database — they’ll probably be OK with you holding onto their contact information if you feel like they could be a potential fit for a position down the line.

In Closing: Stay Transparent

While it may seem like privacy protection laws such as GDPR unnecessarily complicate the recruitment process, remember that they’re essential for you to uphold — especially if you consider the consequences of not doing so.

But, instead of regarding GDPR as just another hurdle on the way to hiring the best candidates for the position, aim to look at it as an opportunity to build trust with future hires — from the very moment you meet them. Once you do that, you’ll quickly find that it’s worth the extra effort. More likely than not, creating a clear and informative privacy policy won’t seem like that big of a hassle.