What does the GDPR change in terms of the data collected during your recruiting process? Basically, the rules are close to those in force before 2018. The big difference lies in the sanctions applied in case of non-compliance (see our previous article on the GDPR). You don’t always know how to apprehend the GDPR and the subtleties related to it? Based on our experience on this subject, we guide you step by step for 100% compliant recruitments!
Keeping the data in the respect of the deadlines and according to the source
What does the CNIL say?
In the event of a negative outcome to an application, the file is kept by the company unless the applicant gives a different opinion. The data is automatically destroyed after a retention period generally set at two years after the last interaction with the candidate. This period may vary from company to company. Only the formal agreement of the candidate allows retention beyond this period.
What happens concretely in the field?
Some companies choose to delete this data after one year, but other organizations that recruit rarer profiles ask the CNIL for exemptions to extend this retention period. This is the case for penuric professions such as architects, for example.
Differences to be taken into account depending on the source of the application
If you have retrieved applications yourself on Linkedin, for example, and as our plugin allows, you have a maximum of 30 days to keep them. If you wish to transmit their CV to a third party and/or keep their application beyond this period, you must ask the candidates for permission.
What is the advantage of an ATS like Jobaffinity?
You can program the deletion of profiles in your ATS tool. It will be done automatically at the end of the chosen period. Jobaffinity knows how to detect the date of your last interaction with the candidate. If you wish to keep this application, you can ask the candidate for his agreement to keep his profile in your CVthèque. This is a function of the software.
Jobaffinity also knows how to distinguish between the different sources of applications. Our tool detects the applications that you have entered manually and which have not been the subject of prior consent. Our solution automatically deletes them after 30 days. If you wish to keep them, you can contact them for approval. You can easily filter these profiles in Jobaffinity, identify and contact them!
Keep your candidates well informed about the processing of their data
What does the CNIL say?
“The GDPR imposes concise, transparent, comprehensible and easily accessible information for the people concerned. Transparency allows the persons concerned to know the reason for the collection of the various data concerning them, to understand the processing that will be made of their data; to ensure the control of their data, by facilitating the exercise of their rights (1). »
What do you need to do?
You must display in your legal notices the conditions of data storage and use. This text must also appear in the application form so that people wishing to apply for a job in your company can accept them with full knowledge of the facts. When you retrieve profiles by email, you can put this legal text in the acknowledgement of receipt of applications.
What is the advantage of Jobaffinity?
For your information, we offer you an example of text to be displayed on the application form of your recruitment software to respect the GDPR information principle that you will find here. This text is intended for companies whose data does not “leave” the European Union. Our software can inform candidates at several levels. For applications coming from social networks, you can identify them through Jobaffinity and send them your privacy and data processing policy by email.
1] Source: CNIL
