The Value and Vindication of Candidate Data: Recruiting in the Age of the GDPR

That's not a valid work email account. Please enter your work email (e.g.
Please enter your work email


The recruitment technology space is buzzing. Since Google’s entry into the industry with Google for Jobs, Microsoft’s purchase of LinkedIn, and most recently, the acquisition of Glassdoor by Indeed’s parent company Recruit Holdings, it’s clear that talent acquisition is currently a hotbed for investment and public attention.

The Bureau of Labor Statistics reported a record high for US job openings of 6.6 million at the close of March — a stark reminded that the power is very much in the candidates’ hands as they weigh their many options. What this teaches us is that job seeker data is now an extremely valuable commodity in today’s increasingly competitive hiring market. 

In the recruiting industry, we talk a lot about candidate experience but rarely discuss the rights that candidates should have over their experiences. Job hunting is a job in itself, and candidates need all the help they can get to navigate potential career paths and land at the right companies. Job seekers place a lot of trust in potential employers to handle their personal information thoughtfully and carefully throughout the hiring process.

Today’s employers should pay especially close attention to the methods by which they process, store, and use candidate data. Eighty-nine percent of Americans avoid companies that don’t protect their privacy. Overall, Americans are more concerned about not knowing how their personal information is used online than they are about losing their principle income. That’s very telling. By not being trustworthy and transparent about their candidate data practices, employers risk not only turning off job seekers, but also losing customers in the long run.

The EU’s General Data Protection Regulation (GDPR) tackles these privacy concerns head-on by specifying and strengthening online user rights, including those of job candidates. The mandate adds more transparency around data processing and encourages stronger indicators of consent from data subjects (e.g., your job applicants). Under the GDPR, the obligations of employers (data controllers) and talent acquisition and HCM software providers (data processors) are much more distinct and enforceable — which is important.

Of course, if your organization doesn’t do business in the EU, the regulation won’t carry the same weight of heavy enforcement and related fines. Still, the principles it exerts will surely have an impact on how data is handled across all geographies, industries, and business functions.

To protect your employer brand and ensure that applicants favorably view your company as ethical and forward-thinking, it’s best to begin implementing some of the GDPR’s specified data practices within your hiring program — and soon. Candidates are also customers, and employment and corporate brands are one in the same, especially in B2C industries. You must respect candidate data to protect it — and to protect your brand as well.

The primary idea behind candidate data rights is to empower job seekers to choose who has access to their personal information, to gain visibility into where that data is stored and how it is processed, and to provide informed consent to be collected into a given database.

Applicant tracking systems (ATSs) are a central component of the candidate-employer relationship and are therefore invaluable tools to help HR teams achieve compliance. While talent acquisition software can’t make the final call on how your organization chooses to address data security, it can certainly enable safer, more transparent data transactions.

Within a recruitment platform, recruiters can conduct candidate searches with criteria based on location, date, and/or source, easily creating lists of candidates that may need to be deleted or purged from the system to comply with regulations. You can also send communications to your candidate database that prompt applicants to return to the career portal to provide consent, review their current information, and request deletion or edits of their personal data.

While these changes may seem relatively simple, they carry a lot of significance. Of all HR functions, talent acquisition is the most public-facing and complex. If candidate data were to become compromised, or if applicants were to suspect their personal information was being abused or disregarded, an employer could quickly run into massive public scrutiny and financial risk.

Remember, there is a person behind every segment of data. Candidates don’t want to be cut out of the equation once their information is collected. Allow them to fully participate in the entire hiring process, empower their choices, and show them how valuable they really are.

Al Smith is chief technology officer of iCIMS.

By Al Smith