Frequently Asked Employment Questions

< Go back

Document updated/added on 04.05.2021

Topic: Recruitment process

How does data protection legislation apply to recruitment?

The UK GDPR and the Data Protection Act 2018 apply to all aspects of the recruitment process. Any personal information obtained during the recruitment process must be handled carefully, confidentially, transparently and securely and only in accordance with the terms of the privacy notice which you should have issued to all candidates when collecting their information. If you wish to retain candidates' personal information on file beyond your normal data storage retention periods for if there are future suitable employment opportunities with you, such as their contact details, you'll need to explain to them why you wish to retain it and for how long and you should obtain their express consent to do so. Tip. The information that you jot down in interviews about a candidate can be disclosed to them under the terms of a data subject access request; even pencil notes. So be careful what information you record.