The RGPD imposes strict rules on everyone involved in personal data processing, including recruiters.
The GDPR has imposed a whole range of best practices concerning the processing and safeguarding of individuals' personal data, particularly that of candidates during recruitment. What are these rules and what impact do they have on your day-to-day work as a recruiter?
Reminder of global rules
What data can be recovered?
The RGPD is very clear on this point, only data used to assess the candidate's skills and suitability for the proposed position can be requested.Using Beetween helps limit possible errors when writing the ad. Our job board partners also moderate the job offers they publish.
Who can access it?
Access to collected data must be limited and controlled. Only those involved in the recruitment process should have access to them. By using ATS software, the employer mandates the software to secure data processing and storage. This means that, by default, the data collected is only accessible to licensees.
Candidates' rights regarding their personal data
The right to be informedA whole range of information must be easily accessible to the candidate at all times: identity of the person responsible for the file (recruitment agency, human resources department), recipients of the information collected, data retention period, conditions for exercising rights of access/rectification/deletion of data, possibility of lodging a complaint with the CNIL...Automatic emails confirming applications are partly there for this reason. As well as improving the candidate experience, they make it easy to remain compliant with the RGPD on this point.
The right of accessIt's not enough to inform candidates of their rights; they must be given the means to use them. Applicants must be able to obtain a copy of, modify or request the deletion of any personal data stored about them, without having to give any reason for doing so.
In view of the above rules, we would like to draw your attention to 3 points: your career site, your CV library and your collaborative recruitment process. Indeed, while using ATS software such as Beetween assures you of data security and offers you a whole set of features enabling compliance with the RGPD, your actions may invalidate these safeguards.
Points to watch when processing candidate data
Your career site
A career site must meet a number of requirements concerning personal data.
First of all, this is a website. Like any website, it is often linked to analysis data. As such, you must manage the deposit of cookies. A simple banner telling the Internet user that you use an analysis tool, that if he continues browsing he tacitly accepts the deposit of related cookies, is no longer sufficient since the RGPD. You'll also need a page specifically dedicated to your personal data processing policy, as well as a Legal Notice page. At Beetween, we have implemented the necessary default settings on our career sites. We automatically set up the above-mentioned legal pages for you.
Secondly, the site must comply with the rules governing the processing of personal data in the context of recruitment (described above). This means limiting the data collected to that which is necessary for processing the application, informing the applicant of his or her rights and the means at his or her disposal for using them.
Your CV library
If a candidate is unsuccessful and you wish to keep his or her data in your CV database, you need the candidate's agreement first. As the candidate has voluntarily provided this information for recruitment purposes, you can simply inform him/her in your written negative response that, unless he/she objects, you will keep his/her information for future recruitment purposes. However, this communication must include a reminder of the candidate's rights (access, rectification, deletion) as well as the means of asserting them.
The personal data of unsuccessful applicants may not be kept for more than 24 months after the last contact. If you set up an automated communication at the end of this period in order to request authorization to retain the data again, a positive response will extend the period by a further 24 months. Beetween automatically deletes the candidate files concerned. The time limit can be modified in your Settings & CNIL. The default setting is 24 months.
Collaborative recruitment
By default, Beetween incorporates 3 functions for sharing candidate data: forwarding, recruitment sharing and application transfer.
Visit application forwarding is to forward all applications received to a given email address. It is up to the user scheduling the transfer to select the data to be shared. Be careful, therefore, not to make a transfer to a person who has no specific connection with the recruitment in progress (for example, your manager if he or she is not involved in the recruitment).
The shared recruitment allows Beetween users to recruit in a truly collaborative mode. You can only share a recruitment with another Beetween user. If the e-mail address does not correspond to a known user, a manager license will be assigned to this user. In this way, he can access the entire recruitment process.
Visit forward is undoubtedly the easiest collaborative feature to use in the context of the RGPD. With forwarding, you can select the information you want to share for review. In addition, we may consider deactivating the link provided for viewing attachments after a certain period of time, so we advise you to use it for all requests for advice on a candidate from anyone outside the recruitment team.