GDPR and recruitment agencies or HR

GDPR and recruitment agencies or HR
13 November 2018

GDPR and recruitment agencies or HR

The GDPR has already entered into force and is much wider than you might have thought. The new privacy policy has affected almost every sphere of life. One other important area of ​​business that should actively work with GDPR is the human resources area, the so-called HR.

How GDPR affects HR area

Much of what GDPR concerns is about the question of consent. At present, many employers receive employee consent to process their data by including this provision in their employment contract. However, the new European Union regulations on general data protection significantly tighten the rules for obtaining consent. Employers, as well as recruitment agencies, have to fulfill the obligation to inform jobseekers in relation to GDPR already in the recruitment process. In some cases consent to the processing of such data is required.

The consent of the data subject means any free, specific, informed and unambiguous indication of the data subject who, by means of an expression or clear positive action, expresses his consent to the processing of his personal data. However, according to GDPR, such consent cannot be placed somewhere on the back of the employment contract. Human resources departments will also have to think about how to justify the processing of employee data.

Obligations of the employer

It is important to realize when compliance with the information obligation is required and when consent is needed. It all depends on whether or not the employer creates a database of candidates. In both cases, however, the employer must be able to prove the fulfillment of the information obligation to the applicant and the consent of the applicants. With the retention of personal data on prospective employees, employers are obliged if the personal data are obtained directly from the candidate:

  • the employer does not keep CVs - only the information obligation,
  • the employer creates a database of candidates - only the information obligation and consent is required.

If personal information is not obtained directly from the applicant but from another source, such as a job portal:

  • the employer does not keep CVs - only the information obligation,
  • the employer creates a database of candidates - only the information obligation and consent is required.

Data failures

The HR segment must be aware that in the event of a data breach or misuse, the organization must transmit this report to the competent authority within 72 hours. If the violation is extremely serious and highly endangers the individuals concerned (including employees), the company must also inform them about the issue.

Contact form

Preparation of Security Documentation in terms of GDPR from 139€ with insurance.

osobnyudaj.sk, s.r.o. Námestie osloboditeľov 3/A,
040 01 Košice

Non-binding free quote

from € 139 with insurance

We have provided services
to more than
11 500 clients

Free quote

Questions and answers

Dear client, if you have not found
what you are looking for, do not hesitate
to contact us.

To contact