Data Privacy for Recruitment

Chaucer / Digital / GDPR & Data Privacy / Data Privacy for Recruitment

As with other industries relying heavily on B2B and B2C marketing and communications, the recruitment industry is one of the most heavily impacted by the recent GDPR / UK Data Protection Act & PECR (ePrivacy) regulations.

Despite this, it is also the industry that has the most to gain from the implementation of these new regulations. Key to realising these gains is a n in-depth knowledge of how to comply with the different legislation while still maximising growth.

GDPR / Data Protection Act vs PECR (ePrivacy)

Understanding the implications of both sets of legislation is critical for agencies because even though they go hand in hand, the focus of each legislation is on different parts of your business.

For in-house teams, PECR (ePrivacy) should be your focus. For recruitment agencies though, both are just as important.

It’s not just about having consent, it’s about making sure it’s the right type of consent for different activities, and that B2B and B2C approaches are aligned to the relevant regulations.

Creating business benefit

Unstructured data, old CVs and out of date information can clog up data storage, waste time and lead to complaints or distrust.

GDPR Article 30 mapping of your data flows and purging data is a powerful way to reinforce the ethics of your company and your focus on quality service and respect for candidates and clients.

Mapping also ensures you understand where sensitive data is being collected and allows you to plan accordingly. Transparent policies and consistent processes can only strengthen your reputation, and help differentiate you against less compliant competitors.

How can Chaucer help?

Our Recruitment Data Privacy service begins by understanding your business’s data privacy goals and reviewing any compliance activities already started. It is a comprehensive provision designed to help you ensure compliance in this fast changing legislative climate.

We can assist with understanding your current practices (what your recruiters are doing on the ground, not just what they are trained to do), to map out and prioritise high risks, and to set up new KPIs, processes and systems to support the growth of your business focusing on quality and legal practices.

Chaucer’s Recruitment Data Privacy service ensures that compliance is maximised around:

Article 30 data flow mapping

  • To help you to understand your business’s high-risk gaps and issues

Marketing / prospecting

  • Identifying activities most likely to prompt Subject Access Requests or complaints

Subject Access Requests (SARs)

  • Establishing a process for managing them, including awareness and ongoing data cleansing / purging

Creating a culture of awareness

  • Realising that while your people are your greatest assets, with regards to data privacy, they are simultaneously your greatest risk

Recently we have worked with a range of different sized enterprises, from 10-person organisations, up to Fortune 500 multinationals. We also offer an SME service, up to Enterprise level programmes, for companies who might be still deciding how to start.

Who do I call to discuss this?

If you have any questions about Data Privacy, the GDPR or to arrange an initial conversation about how we can help you on your journey to compliance, please contact us on +44 203 934 1099, or email