GRPD : What is the impact on recruitment ?

The implementation of the GDPR forces companies to rethink their processes related to the protection of personal data, or they will face sanctions. However, in human resources, process management is sometimes neglected. What is tGDPR? What are the implications for HR and especially recruitment?

Synopsis

• What is GDPR? 
• What happens to the storage of candidates’ information with GDPR?
• How does GDPR affect recruitment management?

GDPR is the European Data Protection Regulation. This EU directive came into effect in 2018 and impacts all EU companies that collect and process personal data on EU residents.

The objective of the GDPR is to strengthen the framework for the collection and use of personal data:

• Standardising data protection regulations at European level
• Making companies more responsible in their data processing
• Strengthening the right of individuals (right to data portability, right to be forgotten, etc.)

By using various digital recruitment tools, it is easy to access online databases but also to search for potential candidates on the web. The storage of information on candidates for recruitment is affected by the regulations. GDPR recommends that information about candidates – including personal data – be stored in encrypted form. Data encryption is about making it impossible for anyone who does not have the encryption key to read a document.

Prior consent of applicants is required to register and retain their data in the long term, which can be modified and subsequently deleted. The company needs to be transparent about the collection and use of this information, that is, to provide applicants with clear and unambiguous information about how the data is handled.

• Collection of information, including obtaining candidates’ personal data: first name, last name, age, address, email, etc. data that must remain confidential.
• The storage of data collected by the company, which has the formal obligation to secure access to this data.
• The exploitation of the information, for which the company certifies non-disclosure and total confidentiality.
• Accessibility of this data by the candidate him/herself: the candidate can request the transmission of his data collected by another organisation and to modify or delete them.

The management of non-structured data, dispersed between the different departments (HR, sales, marketing, etc.) of the company is complex. It is indeed difficult to know the storage location and the persons authorised to consult this data. In the context of recruitment, the storage of CVs in emails, Excel spreadsheets listing candidates, … are examples of non-structured and therefore not mastered data.

The use of a recruitment software or ATS (Applicant Tracking System) secures the identification of personal data and guarantees, in the event of a user’s request, its extraction, cancellation, deletion and anonymisation.

An increasing proportion of recruitment is automated using an ATS software which structures the data collected in the same place. With GDPR, the company specifies to the candidates which part of the recruitment process is automated and which data will be collected. The different functionalities of the ATS software allow to keep only the relevant candidates’ data. In the context of recruitment, if a candidate’s profile does not meet the requirements for a position, the data may be deleted from the system.