As a business hiring new staff, there is another level of GDPR that you need to consider. While you may have been through suppliers, customers and employees in regards to GDPR, you may not have considered the recruitment process.
Here at Aspire Cambridge we believe that there are three important GDPR terms that you need to consider. You may not have thought that these terms relate to recruiting, but they do. For that reason you need to be aware of them and how you meet the GDPR regulations for them.
- Candidates Are Data Subjects
‘Data Subjects’ is a term used frequently in GDPR requirements. Candidates are classed as your data subjects because they can be identified through personal data. For example, a candidate sends a resume or CV and this has their name, an address and phone number. The GDPR ruling has been created to protect this kind of personal data. Think about how you are handling this personal information, how it is being stored and who has access to it.
- Employers are Data Controllers
Employers are classed as ‘data controllers’ as per the GDPR requirements. This is because they serve as the main representative of the company to the candidate. The data controller needs to make clear to the candidate the purpose of collecting the personal data and what it will be used for. This person is fully responsible for protecting the candidate data and ensuring it is used lawfully.
- Applicant Tracking Systems (ATS) are Data Processors
Your applicant tracking systems, and any other recruitment software, are known as data processors, in terms of GDPR requirements. This is because these systems process candidate data on behalf of the company. They will often be following the company instructions as to how this data is managed. In some cases a data processor will have a sub-processor, another term found in GDPR regulations. This could be something on a cloud platform, for example.
If you have concerns about GDPR and your recruitment processes then contact our team directly on 01223 855440. We would be only too happy to help you become GDPR compliant with your recruitment and hiring processes.