Active candidates are those who applied to your jobs themselves, either from the job boards, from social media or from anywhere else that you shared your job opening. Passive candidates are those that have not filled out the application form and are: uploaded by members of your account or external recruiters, sourced via People Search, referred by other members of your organization or even handed out their CV to your team at a careers fair.
Engaging with applied candidates
In line with the GDPR principle of 'data minimisation', ensure that as a company you are requesting only what is 'adequate, relevant and limited to what is necessary' in your application forms, and that you have a full understanding of exactly why that data is required.
Your organisation will need to take responsibility for your own GDPR compliance and make sure that your team is using Workable correctly. Of course, as a recruiter, you have a legitimate interest in collecting data from candidates who want to work at your company and candidates choose the information they submit and should understand that their data will be used for hiring purposes.
Workable’s customisable application form requests only the essential information required for recruiting purposes. The default question structure of the application form can be used as a starting point, but you can always add more questions relevant to the job you’re recruiting for.
Get some inspiration before creating your next application form from our resources page.
Handling data from passive candidates
Whether you’re using People Search or any other sourcing tool, after adding passive candidates into the pipeline for a job, or to your Talent Pool, GDPR regulations state that you must email these candidates 'within a reasonable period after obtaining the personal data, but at the latest within one month’ to notify them that you are processing their information, and to provide them with details of the processing.
- You can email the candidates separately or in bulk using an email template that can be used to contact passive candidates with a consistent approach.
- The first time you email a sourced candidate or invite them to an event, a footer will be automatically added to the email including a link to your organization’s Privacy Notice and an option for the candidate to delete their own data and withdraw from your process. The details in the footer can be edited if needed.
GDPR and automatic social media profile retrieval
When a candidate is added to your account (either through applying or being sourced), Workable's People Search technology will automatically enrich their profile with links to their social media accounts.
As a ‘data processor’ Workable searches publicly available profiles and opt-in databases for information about candidates and prospects. By clicking the links provided, Workable users (‘data controllers’) can view only the information that candidates and prospects have chosen to make available.
On June 29 2017, the EU's Article 29 Working Party (the collection of data protection authorities) released guidance on the privacy of employees and candidates. This specifies that employers may process social media profile information if there is a legitimate interest.
Quoting from Section 5.1:
Therefore, any potential employer using People Search whether directly or via the automatic social media profile retrieval must be able to justify its use on the basis that this is ‘necessary and relevant’ for the job for which the candidate is being evaluated.
For example, an employer might want to review an applicant’s LinkedIn profile since employment history and skill-sets are integral information to the hiring process. The employer might not need to inspect an applicant’s Twitter feed, which is likely to contain extraneous information that is not relevant to hiring them.
Note that the option to turn off automatic social media retrieval on the candidate profile is available via the account settings.
Candidates’ deletion requests
Deleting candidate data is a simple process within Workable. You might do this if a candidate has requested deletion, if you never plan to contact the candidate again or if you’ve held the candidate’s data for a long period without any further follow-up or review.
Candidates can elect to delete their data via a link in their application confirmation email. Alternatively, if a candidate requests to have their data removed from your system, you need to comply at once with their request and delete their profile and timeline from any jobs they might have been considered for.
To ensure that all their data is removed, we suggest to run a quick search with their name or email in the Candidate Database to check that all their information is removed from your Workable account.