What Does GDPR Mean For Recruiters?

Posted by Bryony Gibson Consulting Ltd on 07/03/18

Business Services

With fines as high as €20m GDPR needs to be taken seriously, so to help me understand the impact I’ve turned to Eldon Jobe, founder and CEO of North East tech company HRS.

HRS, powered by RecruitmentForce, build, develop and support recruitment databases. They aim to ‘provide the best use of recruitment technologies to give recruiters faster access to the best candidates’; so if anyone understands the changes to collecting, using and storing personal data it should be them!

What are the biggest changes for recruiters?

One thing that’s very clear is we’re all going to have to change the way we think about data protection; especially in the recruitment industry.

Consent is the big issue, particularly historically stored data and job applicant approaches. People have the right to be forgotten. They must now give a ‘Grant of Consent’ and there’s a need for more transparency because companies are bound to provide the personal data they hold upon request.

What does ‘Grant of Consent’ mean?

A recruiter's most valuable asset is their relationships (or personal data) and from now on, if they want to use that data they need explicit agreement from the source; and that doesn’t just mean candidates, it also applies to clients.

What impact will this have?

Everyone who recruits must ensure they have express consent to hold personal data from everyone in their database and for each specific purpose it is processed, otherwise, it must be deleted.

In my opinion, the best way to do this is to make sure you have an integrated database that allows you to connect all of your systems (email, finance, data storage) and build a single customer view; which is easier said than done!

What other changes will come into force?

Once data is clean it doesn’t stop there. GDPR legislation states that ‘data can only be kept for an appropriate length of time’, but gives no guidelines as to what is appropriate.

Appropriate might be 12 months or it could be longer, so until we know more recruiters will need to have a process in place that allows them to periodically contact people to seek permission to continue holding their information.

If systems and processes aren’t slick this could have a hugely detrimental effect on a recruiters efficiency to deliver a shortlist, as you simply can’t send any personal data without first gaining permission from the owner.

How will this affect online job sites?

It’s a grey area if data is sourced from an online provider, but I suspect these organisations will get their candidates to agree to a waiver so recruiters can use their data once it is been uploaded. However, in order to remain compliant, I would still recommend contacting the candidates for consent.

LinkedIn will be more of an issue. The individual who is in control of their data can edit or remove it at any time, but when a recruiter downloads it from LinkedIn, are they able to use it? No one knows. It could be argued that if the individual has specified that they’re looking for new opportunities, then that could be seen as giving permission.

What opportunities will GDPR bring?

If recruiters are GDPR compliant, candidates will receive a better service because communication will be improved. Recruiters will also have more control of the full recruitment lifecycle, with job seekers knowing how, where and by who their data is being used.

Any final thoughts?

GDPR isn’t a buzz word or something you can ignore, it’s the biggest shake-up of data law in 20 years and when it takes effect it will not only change the way we all think and behave but offer new opportunities to those who manage data correctly.

HRS is happy to offer any business advice, as it doesn’t have to be red tape and data deletion if you have the right systems and software in place to automate processes.

For further information visit