As a trusted recruitment and HR company our clients often come to us to ask for advice and guidance on recruitment, hiring and internal business issues. A common conversation that we are having with a lot of clients recently is GDPR and how GDPR affects recruitment.
This is the first in a series of recruitment and GDPR, and how GDPR affects your business in regards to recruitment. Below we have listed some things that you need to consider when recruiting new candidates.
- It is essential that you have legitimate interest for processing candidate data. While GDPR allows you to collect the data, it can only be for specified, explicit and legitimate reasons. Any job related information you collect can only be used if you intend to contact any sourced candidates within 30 days.
- If you are processing candidate data you need to ensure that you have candidate consent to do so. GDPR means that you have to ask for consent if you want to process any personal data. This includes data such as disability information, cultural, genetic or biometric information. You need to collect candidate consent in a clear and intelligible way. Candidates must also be clear on how they can withdraw their consent if they choose to.
- As an employer you need to be clear about how you are processing candidate data. This includes having clear privacy policies that are made available to candidates on request. You must also state that the data is being used for recruitment purposes only.
- You need to assume responsibility and accountability for compliance. It is important that your company demonstrates GDPR compliance. Make sure you remember that your company is responsible for anyone you do business with, this includes contractors.
It is important that you remember that candidates have two rights when it comes to GDPR and recruitment within your business. These are follows;
- Candidates have the right to be forgotten. Candidates can contact you at any time to say they want you to delete their details and stop processing their personal details. This means that every place their data or details is stored must be corrected. You have one month from receiving the candidates request to delete all their information from your systems.
- Candidates also have the right to access their data at any time and rectify it if required. Candidates can ask what data you hold of theirs and for amendments to be made. Again you have 1 month to respond to this request.
If you have concerns about how your GDPR and recruitment is managed please contact the team at Aspire Cambridge today on 01223 855440.