The GDPR came into force on 25th May 2018. For in-house recruitment teams, a key area of focus was (and, of course, should continue to be) around transparency and accountability.

On this page you’ll find links to a number of in-house recruitment GDPR resources, so scroll down for recent blog posts, infographics, practical advice and more to help ensure you’re embedding strong Data Protection practices into your hiring processes.

Hireserve ATS GDPR functionality

Although the GDPR has now come into force, you may still be looking for the right technology to help you meet your data controller responsibilities. 

Simply fill out the form below and we’ll email over your guide to Hireserve’s Data Protection functionality in a handy PDF. If you have any questions about Hireserve ATS and how our technology can help in-house recruiters meet their Data Protection responsibilities under the GDPR, please do contact us.

Latest in-house recruitment GDPR resources

What should you do first?

Blog post

Our first steps for your GDPR compliance action plan. Where should you start?

A notebook and a pencil - possibly used by guest blog authors to write with
Do you know your key terms?


Your simple introduction to GDPR terminology for in-house recruitment teams.

How can you manage talent pools?

Blog post

Under the GDPR you’ll need to review your talent communities. Learn more...

Diving mask next to a swimming pool - could be used to jump into a talent pool

Practical steps to prepare for the GDPR


Undertake a data mapping exercise

A data mapping exercise is the process of identifying, processing and mapping out the data flows of your organisation.

This is a complex process, particularly for organisations with multiple systems and technology platforms in place.

Think about the journey your candidates’ data will take, from the moment it enters your organisation. You should also document what information you collect about candidates at each stage of your recruitment process, and document how your organisation(s) use that data.

As part of your work towards GDPR compliant processes, you will need to define your organisation’s legal bases for processing candidates’ information. You should define and document these legal bases during your data mapping exercise.

Review your privacy notice

As transparency is a key theme of the GDPR, your privacy notice(s) will take on greater significance.

Your privacy notice should be easily accessible to candidates on your careers site  and you should use it to very clearly state what personal data you will collect and how you will process it. You also need to include:

  • Your organisation’s identity and contact details
  • The purposes and legal basis for processing
  • Details on other recipients and cross-border transfers
  • How long you will store data for
  • Your data subjects’ rights
  • The existence of any automated decision-making
Additional GDPR resources for your recruitment team
Working with third parties

Blog post

In this new blog, learn what obligations your ATS provider has under the new regulation and the questions you should...

Core principles of the GDPR


Do you know the core principles of the GDPR? From transparency to data retention, learn more...

Using SMS in Recruitment
Your candidates' rights

Blog post

Under the GDPR, your candidates have widened rights - so you need to know how you can manage and respond...

Girl with a cup of tea

How will the GDPR impact your recruitment activity?

Working with agencies

As a responsible employer, you should make sure the recruitment agencies you work with are GDPR compliant.

It may be sensible to start conversations with agencies on your PSL now, in order to understand how they will adapt their processes in order to adhere to the new regulations.

This approach should also be taken with third parties such as HR & Recruitment technology and service providers

Your candidate communications

If you send emails to candidates, you’ll need to include a clear ‘opt-out’ option at the bottom of each email (you should do this already under the Privacy and Electronic Communications Regulations).

You should consider linking to your privacy notice in every candidate communication too.

You will also need to implement a way for candidates to contact you with requests or complaints about their personal data.

GDPR key terminology


In the context of in-house recruitment, what does some of that GDPR legal jargon mean?

  • Data processing: In the in-house recruitment industry, this could range from screening candidate CVs to building talent pools in your ATS. Essentially, processing means every way that you use data.
  • Data controller: In this context, you!
  • Data processor: Any person/organisation acting on your behalf. So in the recruitment industry, this could be your ATS provider, for example, or psychometric testing partner.
  • Data subject: Your candidates, in this context.