GDPR for Recruitment
It is important that you adhere to the GDPR for Recruitment if you handle personal data within your agency.
Your CRM is likely full of historical candidate data and you must have procedures and policies in place to ensure all of your data processing activities are compliant with the GDPR. This is where we come in.
Our expertise in data protection legislation means we are perfectly placed to support your GDPR compliance efforts.
From our GDPR Privacy Essentials, a suite of tools tailored to your business, to our expert advisory, we have everything you need in one place at an affordable price.
How can you benefit with Sovy GDPR Privacy Essentials
Frequently Asked Questions
Any organisation which handles the personal data of EU citizens is subject to the GDPR, regardless of their size, location or the type of business.
As a recruitment agency, you will most likely be a data controller with regards to most of the data that you hold
Generally, you will be a data controller if the following applies:
- You are processing personal data as part of your general and contracted activities;
- You have control over how and why the data processed (if you do not have control over this, for example, if the data processing is specified by the company carrying out recruitment, you are a data processor).
A CV constitutes personal data because it contains information by which a person can be identified. In fact, there will usually be several pieces of personal data within an individual's CV.
Even if you were to remove directly identifiable information, such as a candidates name, telephone number and address for the purposes of anonymisation, it should be noted that a candidate could still be identified from the collection of information contained within a CV, meaning this data remains 'personal data'.
For example, it could become easy to narrow down a candidate's identity by their work and education history alone, particularly if cross-referenced with information avaliable on the internet.