We all know how important GDPR compliance is for us as business owners, but what about GDPR compliance as an employer? As a business, it is essential that you carry out a company-wide data audit. One way of complying with GDPR regulations is to map your recruiting data.
When it comes to recruiting data it is essential that you are clear about where the data has come from, how you found it and how you store it. Below we have put together some questions that you should be able to answer when your data audit is completed. If you can’t answer them, then this will give you the areas that need to be worked on and improved.
- What are your candidate sources and how is personal information collected?
An example answer to this question would be the application forms completed by candidates in response to job adverts.
- What sort of data is collected about your candidates and how much is needed?
For example, when you ask for a candidate’s email address, home address and mobile number, you need to have legitimate reasons for doing so. If you do not, then you should not be collecting that information.
- How is personal information used in your organisation?
A typical answer to this question would be that candidate data is used to screen candidates and judge their suitability to progress to an interview and further through the recruitment process.
- How is personal data stored in your organisation, and who has access to it?
Many businesses keep their candidate data on spreadsheets or on CRM systems. In some cases data is kept on an ATS and then shared with hiring teams. Think about how your data is stored and how you can control who has access to it.
- How does data flow through your organisation?
This is a follow-on to the previous question. It gives you a chance to think about who has access to personal data and how they get it. For example, you may have a receptionist who collects the CVs and application forms, which are then passed to a team leader and then to the hiring manager. You need to think about why each person needs this personal information and how they use it.
- What are your processes for sharing, editing and deleting candidate data?
If you use a spreadsheet for all candidate information and this is the only place that data is kept, then amending or deleting the spreadsheet is your answer to this question. However, you also need to think about the documents and how they are shared between colleagues.
Do you have a policy or process in place for dealing with recruitment and GDPR requirements? If you’d like clarity on your recruitment process or help meeting GDPR requirements, please contact Aspire Cambridge today on 01223 855440.