Similarly to traditional recruitment, remote recruitment involves processing of job candidates’ personal data. The protection of personal data in the European Union and in most countries across the world is regulated by law. Improper collection, processing and storage of personal data entails legal consequences. How to comply with GDPR in your online recruitment process?

How to comply with GDPR? – table of contents:

  1. Recruitment goals and objectives
  2. Online recruitment
  3. GDPR rules
  4. How to comply with GDPR?
  5. Summary

Recruitment goals and objectives

Remote recruitment is becoming increasingly popular since it ensures efficient communication between the organization and job candidates. It is also a cost-effective and time-saving solution. Online job adverts can be frequently updated, and the pool of candidates is enourmous.

Recruitment is a part of Human Resources Management. The term itself can be understood both in a narrow and broad sense. On one hand, recruitment might be seen as the whole process of sourcing, informing and attracting job candidates. On the other, it is frequently referred to as the method of identifying them for the future selection.

The main objective of the recruitment process is to choose candidates who meet the company’s requirements, which is equivalent to providing the organization with an adequate number of qualified employees. To be more specific, its purpose is to motivate people to apply for available positions in the organization, and then to create a list of candidates, subject to selection.

how to comply with gdpr

Online recruitment

Taking into account the global digitization and the COVID-19 pandemic, remote recruitment has become even more common. Therefore, you frequently come across job offers on popular job boards that are posted with the “remote recruitment” clause. Apart from sending your application online, the rest of the process is handled with the use of remote tools and a phone.

If a given application attracts the recruiter’s attention, they give a candidate a call and set up a job interview over the phone or computer. In the case of a video interview, a candidate receives an invitation e-mail along with a link to the instant messenger used by the recruiter. All they need to do is to activate the link and join the meeting at the specified date and time. Some of the most popular instant messaging apps include: Skype, WhatsApp, Facebook Messenger, Microsoft Teams and Signal.

Stages of online recruitment

The recruitment process consists of several stages, such as:

Stage 1 – Posting a job offer, collecting e-applications and a pre-selection. After choosing applications for further procedures, recruiters call job candidates and set up job interviews. During the first meeting, they verify some basic information, e.g. assess a candidate’s command of a foreign language. The final appointment is confirmed by e-mail.

Stage 2 – Online job interview. At this point recruiters check the candidate’s skills and engagement, as well as decide whether to qualify them for further stages of the recruitment process.

Stage 3 – Further verification. Candidates solve tests and assignments. Recruiters, in turn, take their final decision at this stage.

Stage 4 – Onboarding online. After deciding on a successful candidate and offering them a job, recruiters can hire the candidate and complete the onboarding process.

GDPR rules

General Data Protection Regulation (GDPR) is the EU’s data protection law which is directly applicable as of 25 May 2018, and replaces the Data Protection Directive of 1995. Personal data is quite a broad term associated with the identification of a particular person. The data protection mainly covers:

  • name and surname
  • national identification number
  • home address
  • e-mail
  • bank name and account number
  • photos of people
  • information related to the physical or mental health
  • computer IP address
  • religion
  • race
  • ethnic origin
  • sexual orientation

A contemporary problem of global reach are issues related to collecting data, privacy loss and a threat to personal security. In this aspect, GDPR is the toughest regulation which is the pillar of the UE’s jurisdiction. Similar directives are in force in other countries, e.g. Brazil. Australia, Japan, Thailand and some states in the USA.

How to comply with GDPR in online recruitment?

When the recruitment process begins, the employer becomes the personal data controller, and can obtain such data as:

  • name and surname
  • date of birth
  • education
  • qualifications
  • employment record
  • contact details.

Organizations must comply with data protection laws for a given country when collecting and processing the aforementioned information. A candidate who applies for a job is obliged to attach a consent to processing of their personal data for the recruitment purposes. The employer’s duty is to remove a candidate’s personally identyfing information after the end of the recruitment process.

It should be noted that job boards do not play any administrative role, and do not process any personal data. Their function is limited to presenting the principal’s offers and providing tools for collecting applications.

Key information on GDPR compliance

  • A set of information that can be obtained by the employer during the recruitment process is closed and includes data that has already been mentioned above. The employer is not entitled to require information related to, for example, marital status, ethnic origin or sexual orientation.
  • Given the objective of the recruitment process, which is to acquire employees, the collected data must serve this purpose only. The data cannot be used in any other situation . It is unacceptable to exploit data freely and make it available to other entities.
  • Processing candiates’ data must be based on their written consent.
  • During the recruitment process, the employer has to notify their candidates of the company’s name and head office, the purpose of data collection, and the right of access to information.
  • At every stage of the recruitment process, job candidates have the right to control how their data is processed.
  • After the recruitment process ends, the employer is obliged to delete all the collected data, and the data controller must secure it in an appropriate way.

How to comply with GDPR – summary

How to comply with GDPR in your online recruitment process? First of all, get familiar with the personal data protection laws for a given country. In most of them, candidates’ personally identyfing information is specially protected. Therefore, it is a key issue to collect and process it for the recruitment purposes only. Also, recruiters shouldn’t obtain any information that relates to a candidate’s race, origin and marital status.

Moreover, it is a controversial issue to verify data about particular candidates on social media and screening their employement history as part of the background check. According to GDPR, such practices are unacceptable. However, due to the fact that such information is available to the general public, it’s difficult to view them as unethical.

To sum up, the question of GDPR compliance in the recruitment process is a broad subject.. A suitable preparation and the knowledge of legal regulations will greatly facilitate the procedure of acquiring new employees.

You already know how to comply with GDPR in your remote recruitment process. Read our other resources: 5 tips on how to prepare for an online job interview.

If you like our content, join our busy bees community on Facebook, Twitter, LinkedIn, Instagram, YouTube.

How to comply with GDPR in your online recruitment process? nicole mankin avatar 1background

Author: Nicole Mankin

HR manager with an excellent ability to build a positive atmosphere and create a valuable environment for employees. She loves to see the potential of talented people and mobilize them to develop.