Top

Candidate applications and GDPR

Follow

In line with the GDPR principle of ‘data minimisation’, ensure that as a company you are requesting only what is ‘adequate, relevant and limited to what is necessary’ in your application forms, and that you have a full understanding of exactly why that data is required. Your organisation will need to take responsibility for your own GDPR compliance and make sure that your team is using Workable correctly.

Workable’s customisable application form, requests only the essential information required for recruiting purposes. This can be used as a starting point.

application_form.png

Decide how long you need to keep candidate data on file. Document these decisions and communicate them to your hiring teams.

With a Workable Pro plan you will be able to set up a Privacy Notice template that is automatically shared with applicants.

If you don’t have a Workable Pro plan we suggest including we suggest including a short paragraph at the end of every job description created via Workable with information pertaining to your Privacy Notice.

Ideally, your linked privacy notice will be related to recruitment only, instead of a more general company privacy policy. This will further increase transparency, enabling the candidate to quickly see relevant information which could be missed in a longer, more general policy.

Non-standard applications

If a candidate is referred, sends in a speculative resume, hands you a resume at a careers fair or applies via any route in which they haven’t had access to the details of how you will process their data, then you must inform them.

We suggest creating an email template which confirms receipt of their application, outlines how you will use the data and links to your Privacy Notice for recruitment.

Are you sourcing candidates? Find out more about candidate sourcing and GDPR compliance.

Applicant consent option label-pro.png

With Workable Pro you can add a checkbox item to application forms that will appear automatically for any job located in the EU, Norway and Iceland, where residents are protected under the laws of the General Data Protection regulation (GDPR), as well as to jobs based in Switzerland and Liechtenstein. Candidates must check the box to apply and will be shown a link to your Privacy Notice.

consent_checkbox.png

To enable this option click your user icon in the upper right of Workable and navigate to Compliance. Flip the Applicant consent switch to ON.

applicant_consent_switch.png

Enabling this switch is not a requirement. As a recruiter you have a legitimate interest in collecting data from candidates who want to work at your company. Candidates choose the information they submit and should understand that their data will be used for hiring purposes.

Additionally, candidates will automatically receive a link to your Privacy Notice on the application confirmation page that appears after they apply. They will also receive an application confirmation email which contains a link to your Privacy Notice.