Compliance And Data

GDPR checklist for recruiters

GDPR checklist for recruiters
Orla Hodnett

Orla Hodnett


With the range of changes that GDPR brings about, it can be hard to focus your attention. HireHive is GDPR compliant recruiting software so we put together a quick GDPR checklist for recruiters, to help you make the necessary changes to your recruiting strategy.

The European Union’s GDPR (general data protection regulations) mean big changes in the recruiting industry. The way candidates’ data is handled and held will change significantly. Here is a quick GDPR checklist of things you should be aware of and how your recruiting software can help:

Review your internal policies

You probably already have a clear set of rules on how your team handles data, but with the upcoming change this may need to be updated. Take the time now to review and ensure you're still in line with regulation. Burden of responsibility lays largely with the data holders now, so know your responsibilities.

Education and training Some of these changes may mean doing your work in a very different way. Ensure your team are briefed and trained on what is to come. An innocent mistake by a team member, due to misinterpretation of new rules, may result in audit or penalties.

Identify gaps or issues

Before you reach the GDPR deadline, take time to assess your current situation. You might be largely compliant right now, but you might be a few small changes away from full compliance. The recruiting industry requires specific change so do a quick audit of your practises.

Right of access

This one is very significant in recruiting, but also easy to manage if you use recruiting software. Only those who have permission to view the data can view the data so you need to enforce those limitations. Recruiting tools like HireHive allow you to easily grant and withdraw permissions from your team.

Breach notification

Have you got a means of contacting any candidates about a data breach? The GDPR requires you to inform the subject of the data of any breach within 72 hours of the incident. For this reason you need to ensure you have a policy or strategy in place, should this arise.

Who is in charge?

Has someone been appointed as the data protection lead on your team? It may help to put someone in charge of training, devising new strategies and implementing new policies.


Your means of gathering and retaining data may have to change. You should review existing and devise new procedures ahead of the implementation of the GDPR. This, along with training, will help your team address these new regulations.

Ask the pros

If you're unclear on any aspect of the new regulations, it may be best to check in with the experts. Check with your lawyer or a data protection authority so that you're completely clear on what is expected of you and your organisation.


Retaining any data securely is essential. As stated already, you now have a duty to inform data subjects of any breaches. Data should be encrypted, so that it is securely stored for the duration of time you have been permitted to hold it. GDPR compliant recruiting software can help with this.

Permissions from the data subject

The rights of the individual have been greatly strengthened by this new regulation. Ensure that you have the correct permissions from any candidate and that you are using their data in the way they permitted.

banner test3

See how HireHive is helping customers become GDPR ready

Watch our demo

Hiring Pipeline

Arrange a product tour today and start using
recruiting software that helps you find and hire
the best candidates.

Read also

Company logo for Life Credit Union

“HireHive makes the team a lot more productive. We’d be lost without it. Team Leaders can do it all themselves if needed or jump in at the right time and know exactly where everything is and what’s happening.”

Profile of Hilary Dempsey

Hilary Dempsey Head of HR at Life Credit union

Join over 2,000 companies who streamlined their hiring process with HireHive