Candidate sourcing and GDPR compliance


Whether you’re using People Search or any other sourcing tool, after adding passive candidates to the pipeline for a job, or to your Talent Pool, GDPR regulations state that you must email these candidates 'within a reasonable period after obtaining the personal data, but at the latest within one month’ to notify them that you are processing their information, and to provide them with details of the processing. Article 14 of GDPR explains in detail the information that your organisation should provide to these individuals.

‘Passive candidates’ are people who are being considered for a position but have not actively applied. Sourcing passive candidates (or ‘head-hunting’) is critical to many organisations, whether it’s for hard-to-fill roles or more senior positions.

We suggest that you create and document your process for data protection within your organisation. As part of your process, you can use Workable to create an email template that can be used to contact passive candidates with a consistent approach.

If you are an external recruiter or agency you should take legal advice to ensure that your processing is compliant with GDPR and whether there are any other steps that you need to take to ensure that you have the right to pass candidate details to your clients.

If a candidate requests it, their information should be deleted from your system.

Automatically include a data processing disclaimer and link to Privacy Notice annual_label.png

Sourced candidates should be notified that you are processing their information for recruitment purposes within 30 days of being uploaded to your account.

With the Workable Annual plan, the first time you email a sourced candidate or invite them to an event, a footer will be automatically added to the email including a link to your Privacy Notice and an option for the candidate to delete their own data and withdraw from your process. The details in the footer can be edited if needed.

These details ensure that you won’t forget to notify the candidate when you first contact them. (On Workable Annual plan you can also set up an automation to delete sourced candidates who have not been sent a link to the disclaimer within 30 days.)

Note: If a candidate is added by an external recruiter then the email footer will not appear automatically. External recruiters should notify the candidate of their staffing agency’s data policies prior to adding the candidate to Workable.