As you may be aware, the Data Protection Act requires you to process data lawfully, in line with a legal basis. ‘Consent’ or ‘legitimate interests’ are typically the two most relevant bases you can use to justify data processing activities for in-house recruitment purposes, and to comply with data protection legislation.
Hireserve ATS ensures you have the toolkit you need to comply with this element of the regulation. You can create and configure a privacy statement which appears on your careers page and which you can link to from all your application forms. The system also provides a consent mechanism which allows you to present a link to your privacy statement or request consent when candidates apply for a job or register for an account with you.
This means we can support both ‘Consent’ and ‘Legitimate interests’, whichever is your chosen lawful basis for processing candidates’ personal data.
Remember, under Data Protection law, consent must be ‘freely given’, so your candidates must have the option to opt in or not. It must demonstrate an affirmative action too, such as actively ticking a box.
The privacy policy also enables you to meet another data protection principle of the GDPR, which is that of ‘transparency’. You must be clear on how, why, and when you process your candidate and job data. You can include all this information in your privacy statement.
Another principle of the EU GDPR and the UK Data Protection Act is that of ‘storage limitation’. Compliance with this rule looks like setting and adhering to data retention periods.
To ensure you can be compliant with this requirement of the law, Hireserve’s Applicant Tracking System enables you to set a custom data retention period. You can then choose whether after this time, a candidate will automatically be anonymised (to preserve your reporting capabilities) or deleted entirely.
You also have the tools to re-engage candidates who are nearing their data retention expiry date with an automated renewal process.
…to always seek guidance from your organisation’s Data Protection Officer, legal team or other qualified and professional data protection authority. This is vital to ensure protection of your candidates’ data, and of you as an employer.
The tools within an Applicant Tracking System are not enough to ensure full GDPR compliance. You also need to ensure that your organisation has clear data protection policies and procedures in place to support and protect your recruitment processes.
From meeting data subjects’ requests (a candidate would be referred to as a ‘data subject’ under the GDPR guidance) to having robust personal data breach procedures, you need to be able to prove that you are aware of the risks that processing personal data carries, and have clear resolution and security controls to protect your candidates’ personal information.
In addition, as the ‘data controller’, you need to have a clear understanding of how third parties might process your candidates’ personal data. If you’re using job boards, recruitment agencies or other recruitment partners, for example, you must be confident that they too can meet UK Data Protection guidance. The same would go for an HR software provider, if you are transferring data from your Applicant Tracking System into another system. They must understand the data protection principles of GDPR compliance.
You may also need to have policies in place to make sure you can process non-EU data safely and in line with information security guidance and other privacy regulations.
If you’d like further details on the Data Protection functionality within Hireserve ATS, take a look at our Data Protection and in-house recruitment information, or Contact Us. We’ll be happy to answer any questions you might have.