Recruitment agencies rely on communicating with candidates to function.  So, with the changes that GDPR brings, how will this impact recruitment agencies?

GDPR replaces the Data Protection Act 1998 – a necessary modernisation given how much communications have changed in the last 20 years.  Here, we focus on contacting candidates and how their personal data can be collected, stored, processed and used.

There are a number of ways to continue to communicate with relevant candidates:

Send a personal communication or call

Recruitment agents won’t need telling that asking someone whether they’re still looking for a job and whether they would like to be kept updated about opportunities is a good, personal way of keeping in touch with candidates.  However, if as a recruitment agent, you don’t have time to do this for each and every individual candidate on your database, you will need to take a good hard look at your candidate data to see whether it’s still okay to use it for this purpose.

Check whether candidate consent has been obtained

If you have been keeping track of whether your candidates have said that you may continue to contact them, including any details of their preference to the method that you use to contact them, then this may prove that you have a candidate’s consent to contact them.

It is important to know that if you are relying on already having candidates’ consent in order to communicate with them in the future, you must be able to prove this, so detailed records must be kept.  Similarly, if a candidate has said that you can keep in touch but you haven’t been in touch for over 6 months, the validity of consent could be brought into question if you then start sending them marketing communications or job updates, out of the blue.

Prove legitimate interest

The Information Commissioner’s Office (ICO) says that another lawful basis for processing data is called ‘legitimate interests’, which the ICO explains as:

“The processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)”

Assessing legitimate interest in recruitment

Firstly, it is important to check that legitimate interest is the most appropriate basis for processing data (there are several others that are worth reading up about, on the ICO’s website).

There is then a test to take, to ensure that communicating with your candidates based on legitimate interest is the correct decision.  The stages of this test include:

You need to identify a legitimate purpose

According to the ICO’s guidelines, a legitimate interest can be either your own interest, or the interest of your candidates. This can be commercial, societal or simply the singular interest of an individual.

Is data processing necessary to achieve the legitimate interest?

Is there another way to achieve the goal relevant to a legitimate interest?  If there is another method that doesn’t involve collecting, storing and using personal data, then you should always use this way.

Balance the legitimate interest and necessary processing against the rights, freedoms and personal interests of the individual

The interests of an individual will almost always override the legitimate interests of a company.  For this reason, it’s important to balance one against the other and if you find that the individual wouldn’t expect you to keep something like their date of birth on file, you shouldn’t.

Keep a record of your legitimate interests assessment

Where you have put processes in place that directly relate to legitimate interests, you must keep a record of this in case you ever have to demonstrate GDPR compliance.  The ICO has published a helpful checklist for proving legitimate interest on their website, which includes further points such as considering whether an opt-out option would be appropriate.

What could happen if your recruitment agency doesn’t comply with GDPR?

If your recruitment agency does not conduct itself in a way that is completely GDPR complaint, you will risk fines of up to €20,000,000 or four percent of your agency’s annual global turnover – whichever is greater.

Recruitment agency benefits of being GDPR compliant

GDPR makes it necessary for your agency to be transparent about the candidate data it holds and what it does with that data.  If a candidate does not want you to contact them, then they have the right to be forgotten.  In the same vein, if a candidate does not want you to contact them – they don’t answer your calls or respond to/open your emails – then they are of no value to you anyway.  In fact, you’ll be saving time and money by not contacting them anymore.

 

Think you don’t have time for marketing?

Think you don’t have time for marketing?

Think again!

Join the Ideal Marketing Minute weekly email for your weekly marketing to-do list which can be reviewed in under a minute!

Learn more here, or sign up here.

 

 

You have Successfully Subscribed!