Data Protection resources 

The GDPR came into force on 25th May 2018 and was later incorporated into UK law via the Data Protection Act of the same year. 

The new DPA implemented the principles of the European GDPR legislation, with a real focus on transparency and accountabilit around how you process and store personal data.

On this page you’ll find links to a number of resources to help ensure you’re embedding strong Data Protection practices into your hiring processes.

Read on for blog posts, infographics, practical advice and more, including:

Download your GDPR guide

From data-mapping to reviewing your privacy statements – essential GDPR reading.

This guide was create in partnership with international law firm Osborne Clarke, to help in-house recruitment teams and talent acquisition professionals prepare for the General Data Protection Regulation, now embedded in UK law as the Data Protection Act. Download today!

A Data Protection-compliant ATS

Technically, an Applicant Tracking System can’t ‘comply’ with any legislation.

However, your recruitment technology should provide you with all the tools you need to meet your Data Controller responsibilities.With Hireserve ATS, you process your candidate and job data in a manner compliant with the principles of the Data Protection Act.

Hireserve ATS provides Data Protection functionality to ensure you can:

  • Obtain consent or establish legitimate interests from your candidates
  • Add a link to your privacy statement on your application forms and candidate emails
  • Set your custom data retention period
  • Auto-remove candidates when they exceed your data retention threshold

If you’re preparing to choose a new ATS, make sure Data Protection is high on your list of priorities to discuss with a potential provider. In fact, why not have a quick read of our handy blog on the subject?

Image showing Hireserve ATS recruitment software on a tablet, desktop and mobile

What should you do first?

Blog post

Our first steps for your Data Protection compliance action plan. Where should you start?

Do you know your key terms?

Infographic

Your simple introduction to GDPR terminology for in-house recruitment teams.

How can you manage talent pools?

Blog post

Under the DPA you’ll need to review your talent communities. Learn more...

Practical steps to meet your Data Protection responsibilities

Complete a data mapping exercise

A data mapping exercise is the process of identifying, processing and mapping out the data flows of your organisation. This can be a lengthy process, particularly for organisations with multiple systems and technology platforms in place.

To get started, consider the journey your candidates’ data will take, from the moment it enters your organisation.

You should also document what information you collect about candidates at each stage of your recruitment process, and document how your organisation(s) use that data.

As part of your work towards Data Protection compliant processes, you will need to define your organisation’s legal basis for processing candidates’ information. For example, in the in-house recruitment space, it’s like you’ll use ‘Consent’ or ‘Legitimate Interests’. You should define and document your appropriate legal basis during your data mapping exercise.

 

Read more

Review your privacy notice

Transparency is a central theme of the Data Protection Act, so your privacy notice(s) will take on greater significance.

Your privacy notice should be easily accessible to candidates on your careers site  and you should use it to very clearly state what personal data you will collect and how you will process it. You also need to include:

  • Your organisation’s identity and contact details
  • The purposes and legal basis for processing
  • Details on other recipients and cross-border transfers
  • How long you will store data for
  • Your data subjects’ rights
  • The existence of any automated decision-making

Read more

Additional Data Protection resources for in-house recruitment teams
Core principles of the GDPR

Infographic

Do you know the core principles of the DPA? From transparency to data retention, learn more...

Working with third parties

Blog post

Learn what obligations your ATS provider has under the new regulation and the questions you should be asking…

Your candidates' rights

Blog post

Under the DPA, your candidates have widened rights - so you need to know how you can manage and respond...

How will Data Protection impact your recruitment activity?

Working with agencies

As part of your due diligence, you need to make sure that any recruitment agencies you work with are working in a way compliant with the Data Protection Act.

If you haven’t already, it may be sensible to start conversations with agencies on your PSL , in order to understand how they will, or have, adapted their processes to adhere to the new regulations.

This approach should also be taken with third parties such as HR & Recruitment technology and service providers

Your candidate communications

If you send emails to candidates, you’ll need to include a clear ‘opt-out’ option at the bottom of each email (you should do this already under the Privacy and Electronic Communications Regulations).

You should consider linking to your privacy notice in every candidate communication too.

You also need to implement a way for candidates to contact you with requests or complaints about their personal data.


 

Looking to find out more?

If you’d like to discover more about the Data Protection functionality within Hireserve ATS, or would simply like a friendly chat about your Data Protection and in-house recruitment queries, do drop us a line.

 

Get in touch today!

Please remember: The information on this page concerning technical legal or professional subject matter is for guidance only, and does not constitute legal or professional advice. Always consult a suitably qualified lawyer on any specific legal problem or matter.
We also highly recommend the ICO’s excellent website for data protection checklists, templates and guidance.