Home //Recruitment

Compliance in the Recruitment sector

  • Digitize your GDPR and Anti-corruption compliance with a single platform
  • Implement multi-entity management tailored to the structure and size of your organization
  • Be fully prepared for government agency audits
  • Involve all stakeholders with a collaborative tool
  • Analyze your completeness rates and progress of actions in real time using our dashboard

Hiring photo created by ijeab – fr.freepik.com

Reliability photo created by Drazen Zigic – fr.freepik.com
  • Use customizable workflows to speed up your processes
  • Set up alerts to notify internal and external stakeholders
  • Easily map your data and records
  • Manage information and documentation confidentiality
  • Prevent and manage personal data breaches

Reliability photo created by Drazen Zigic – fr.freepik.com
home-page - screenshot-logiciel-rgpd

DLD GDPR

#1 French software for GDPR compliance

With a simple approach and 360° vision, manage your company’s or administration’s personal data and protect them to ensure GDPR compliance.

Find out more
home-page-screenshot-logiciel-sapin-2

DLD Anti-corruption

The most comprehensive anti-corruption software on the market

Meet the recommendations of AFA, the French anti-corruption agency, using a single software program that combines all the pillars of the Sapin 2 anti-corruption law, starting with risk mapping, the core common to all the pillars.

En savoir +
home-page - screenshot-logiciel-rgpd

DLD GDPR

#1 French software for GDPR compliance

With a simple approach and 360° vision, manage your company’s or administration’s personal data and protect them to ensure GDPR compliance.

Find out more
home-page-screenshot-logiciel-sapin-2

DLD Anti-corruption

The most comprehensive anti-corruption software on the market

Meet the recommendations of AFA, the French anti-corruption agency, using a single software program that combines all the pillars of the Sapin 2 anti-corruption law, starting with risk mapping, the core common to all the pillars.

En savoir +

They use Data Legal Drive on a daily basis

“We chose Data Legal Drive because the software is very easy to deploy and use. It helps guide us, which is fundamental for us because […] we seek to offer our clients maximum support.”

Florence Cann

Founder & Executive Manager

A few of our clients in the sector

Why choose Data Legal Drive?

SOVEREIGNTY

Choose a French company that hosts your data in France!

SECURITY

Use software that has undergone a security audit by an approved ANSSI partner.

PERSONALIZED GUIDANCE

Enjoy our unique, personalized customer support. Customer satisfaction: 98%

On the strength of its partnership with the leading French legal publisher Lefebvre Dalloz, Data Legal Drive has emerged as the most legally reliable and easily usable solution on the market today.

Developed using the latest innovative technologies, the platform combines intuitive ergonomics and legal expertise dedicated to the data governance of its customers.

SOVEREIGNTY

Choose a French company that hosts your data in France!

SECURITY

Use software that has undergone a security audit by an approved ANSSI partner.

PERSONALIZED GUIDANCE

Enjoy our unique, personalized customer support. Customer satisfaction: 98%

Data Legal Drive is…

+20000

SaaS users

+25

countries where the software is used

+98%

customer satisfaction

10

languages available

2

tools designed by specialized teams

+20000

SaaS users

+25

countries where the software is used

+98%

customer satisfaction

10

languages available

2

tools designed by specialized teams

Find out all about the Data Legal Drive platform!

Request a demo

GDPR AND RECRUITMENT

How can you conduct an effective recruitment campaign and ensure GDPR compliance?

Recruiting is one of the sectors most impacted by the entry into force of the GDPR.

That’s because recruitment is synonymous with collecting information, to allow recruiters to evaluate all the applicants and assess whether a given applicant meets the requirements of a given job.

The entry into force of the GDPR has created a framework for recruiters and their practices, and has helped to provide stronger protection for applicants’ privacy. In this article, Data Legal Drive will focus on the key points for a successful recruitment campaign while ensuring you remain GDPR compliant and protect applicant privacy.

Job interview created by aleksandarlittlewolf – www.freepik.com

Ensuring minimization at data collection

Article 5.1.c of the GDPR establishes the principle according to which “personal data shall be […] adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed”.

The principle of minimization during data collection requires that data controllers only collect the data that is strictly necessary for the purpose of the processing activity. Regarding recruitment, this principle is also established in the French Labor Code, which stipulates that “information requested, in any form whatsoever, from a job applicant must have the sole purpose of assessing their capacity to perform the job offered, or their professional skills. The information must be directly connected to, and required for, the job offered, or be necessary to evaluate professional skills.” [1]In practice this means that applicants can only be asked for information needed to evaluate their capacity to fill the job offered. Within these terms you can ask applicants for the following information:

  • Their qualifications, e.g. diplomas
  • Their past experience, e.g. position most recently held
  • Their skills

When necessary relative to the job offered, additional information may also be collected. For example, if a job requires frequent travel, a recruiter can ask if the applicant has a driver’s license.

It is therefore crucial to avoid any questions that extend beyond the professional realm. This excludes questions involving an applicant’s private life, for example their marital status, current number of children, or plans to have children.

[1] Art. L1221-6 of the French Labor Code

Setting a limited retention time

Recruiters can keep the personal data of applicants not hired for a job. This is because another position may need to be filled at a later time.

However, the time limit for keeping the data is two years.

Furthermore, to ensure process compliance, the data controller must ensure two points:

  • The applicant must be able to withdraw their consent at any time: in the email informing them that their data will be kept, they must be informed that they have the option to withdraw their consent.
  • If the applicant does not ask that their data be deleted, a process must be implemented to automatically delete the data after two years.

Naturally, to ensure your compliance with the GDPR, you can use a shorter retention period, for example 18 months.

Choosing an appropriate legal basis

All processing of personal data must be based, according to article 6 of the GDPR, on one or more legal bases: it is important to choose a legal basis that corresponds to the purpose for which you are collecting the data.

If the purpose of a processing activity is to recruit applicants, the data controller can choose from among the following legal bases:

  • Legitimate interest, which can justify the creation of a resume bank. This legal basis is grounded in the data controller’s need for a resume database that they can draw on whenever a new recruitment is required
  • Performance of a measure prior to entering into a contract: This legal basis generally concerns processing relative to applicant follow-up, and to the formalization of an employment contract once the applicant has been formally chosen
  • Legal obligation: This legal basis can be justified, for example, by a recruiter’s obligation to check the residence permit of a foreign recruit

Ensuring that applicants are informed

A recruiter’s obligation to inform ensures that applicants can know the reason for which their personal information is being collected (e.g. evaluation of professional skills), understand how their data will be used, and ensure that they have control over their data by facilitating data subject requests.

Recruiters must therefore inform applicants if they are processing their personal data, regardless of how the data was collected.

The methods for informing them depend on how the data was collected:

  • Directly from an applicant who sends them their resume when applying for a job offer
  • Indirectly, for example via professional social media

The following information must be given to applicants[1]:

  • Identity and details of the data processor
  • Purpose of the processing
  • Legal basis of the processing
  • Recipient(s) of the information collected
  • Data retention time
  • Existence of transfers to third-party countries, if applicable
  • Existence and conditions for applicable data subject requests

In addition to this information, if the applicant’s personal data was collected indirectly, the recruiter must also inform the applicant of:

  • The categories of personal data collected
  • The source of the data

[1] Article 13 of GDPR

Protecting the rights of applicants:

The entry into force of the GDPR has given job applicants more control over their personal data.

Applicants have the following six rights:

  • Right of access: At any time, applicants can ask to be informed of the way their data is being processed
  • Right of erasure: Though the retention time in recruitment is established at two years, applicants have the right to request that their personal data be deleted at any time
  • Right of rectification: At any time, applicants can request that their collected data be updated or corrected
  • Right to restriction of processing: Applicants can ask that processing of their data be suspended
  • Right of objection: Applicants can object to the processing of their data for reasons relating to their specific situation. In this event, the recruiter must stop processing their data
  • Right of portability: Applicants can request the portability of their data, i.e. retrieve it or have it transferred to an organization of their choice

To ensure these rights are satisfied, the data controller must set up an internal process, for example design a special contact form with an email address dedicated to data subject requests.

In addition, the data controller must answer the request as soon as possible, and at the latest within one month. This period may be extended to two months for complex requests or multiple requests by the same data subject, providing the applicant is informed.

To conclude, the compliance of your recruitment process hinges on five key points, and represents a facet of your organization’s GDPR compliance.

If these provisions are not satisfied, recruiters must keep in mind that the CNIL is authorized to hand down administrative fines. A CNIL fine resulting from a GDPR breach can have a highly negative impact on an organization

  • Firstly in financial terms
  • But also in terms of an organization’s image, which can eventually hurt recruitment efforts
Request a demo