Non-compliance with GDPR can have a massive economic and PR impact on any company. If you are not in control of how you handle personal data in the Talent Acquisition process, you open up large organizational risks: not only the fines you may incur but also the PR nightmare of being careless with individuals’ personal data.
Having an ATS is by no means a safeguard. Depending on how recruiters and hiring managers act, there are several stages where you might be non-compliant with GDPR. Anything from storing CVs locally to conducting assessments via email might open the door to risk.
Map the recruiting data so that you know what kind of data is collected, how it is collected and what source is used. When this is done, create a privacy policy that explains in detail how you collect, process, and protect the collected data. Remember that everyone has the right to be forgotten, so this must be included.
Did you know that talent sourcing and building lists of people to contact fall under GDPR requirements? How does the TA manager make sure that sourcing done from GitHub / TikTok / Facebook / Instagram is handled correctly? How do you explain to rejected candidates that you wish to keep their data, and for how long? If you determine that a candidate is unlikely to be qualified for future roles, you must delete their data under GDPR.
<aside> 💡 For a comprehensive guide on the subject, please visit: A recruiter's guide to GDPR compliance
</aside>