It will happen from time to time, you have more than one great applicant for a role, but only one role available. At times like this a rejection letter needs to be sent to tell the candidate that they have been unsuccessful at this time. In many cases you will want to keep their details on file as you think they would be a great asset to the team, but there are just no roles available for them at this time.
To remain compliant with GDPR you need to ensure candidates know you are keeping their data on file. If you are keeping it for longer than normal then the candidate needs to know this and the reason you are doing so.
In this blog post Aspire Cambridge have put together some things you should include in your rejection letter to ensure that your rejection letters meet GDPR requirements.
- Explain to the candidate that you would like to keep their data for longer and the reason you want to keep it for longer.
- Mention in your rejection letter how long you would like to keep the candidates details for. This could be until the successful candidates trial is up, until they are re-hiring, until the business expands and so on.
- Include a link in your rejection letter to the recruitment privacy note. Make it easy for the candidate to access and read this if they require.
- Inform the candidate that if they would rather have their information deleted now, or at any time in the future they can. Then explain how they can make that request and in what timeframe this request will be dealt with.
If you have told the candidate that you will keep their data for a year after they apply another email or letter is not required. However if you have the told the candidate that you would keep their data until the position is filled then you need to inform that candidate that you would like to keep their details for longer, and if so how much longer and for what reason.
Is your recruitment process GDPR compliant? If you have any concerns please contact our team on 01223 855440 who will be happy to check for you.