placeholder
Stuart Gentle Publisher at Onrec

New research reveals majority of recruiters ready for GDPR: Concerns remain about sourcing and hiring under new guidelines

Data from Lever Examines How Organizations are Preparing for GDPR Compliance Specific to Recruiting and Hiring

While nearly three quarters of organizations feel confident in their ability to achieve General Data Protection Regulation (GDPR) compliance for their recruiting efforts by the May 25th deadline, most still harbor concerns about how the new regulations will impact their hiring process, according to new research from Lever, the recruiting software for more than 1,500 leading companies around the world. Lever surveyed 500 professionals across the EU and US directly involved in preparing their organizations for GDPR compliance for recruiting.

According to the survey results, 70 percent of respondents believe they will be prepared for GDPR compliant recruiting by May 25th, but preparation doesn’t come overnight, or in a silo. Nearly a third of respondents say they are investing significant time and resources into becoming GDPR compliant and 73 percent are working with external or internal legal counsel to prepare.

Despite this high level of preparedness, 61 percent of respondents are concerned about the impact of GDPR on their recruiting and hiring processes, including how they source potential candidates. Respondents were also either ‘very concerned’ or ‘extremely concerned’ about adhering to specific requirements included in the regulations, such as: 

  • Maintaining full records of recruiting processing activities (52 percent)
  • Determining when to get consent from candidates (50 percent)
  • Determining how long to store a candidate’s personal data before deleting it or obtaining consent (47 percent)
  • Selecting software vendors who will enter into GDPR compliant contracts and meet data security requirements (46 percent)

Regardless of these concerns, the overwhelming majority (90 percent) of respondents who are already engaged in sourcing will continue to do so under GDPR. 

“The GDPR deadline is quickly approaching, but few are discussing the potential impact these regulations will have on how organizations source, recruit and hire their talent,” said Mike Walsh, Director of Product Marketing of Lever. “We hope this research serves as a catalyst within organizations to begin discussing in detail how they will move forward with sourcing candidates under GDPR and the lengths they will go to protect candidate data. At Lever, we have spent significant time working on these issues on behalf of our clients and hope to continue to serve as a resource for recruiters worldwide.”

Lever’s research also revealed some organizations are unsure how to adhere to regulations related to candidate data. According to the GDPR, organizations must identify their own “lawful basis” for processing personal candidate data. For recruiting, the most common lawful bases are consent and legitimate interest, but it can be a grey area for many recruiters. 

For example, respondents are split regarding when to collect consent from candidates. Only 40 percent of respondents will collect consent to contact for jobs they did not apply to, 37 percent will collect consent in order to email candidates they source and 25.5 percent will collect consent when they plan to keep data from candidates who were in their ATS before May 25th, 2018.

Another grey area the survey addressed was determining how long to store candidate data. While GDPR requires companies to only keep personal data for “no longer than is necessary for the purposes for which the personal data are processed,” the data showed great variation in how organizations are interpreting this obligation. Some companies will delete candidate data as soon as the job they were tied to closes (23 percent), while others plan to retain candidate data for a year or more (23 percent). 

The full research report can be downloaded at this link.


Methodology

From March 2 - 8, 2018, Lever surveyed 500 professionals across the EU and US who are directly involved in preparing their organizations for GDPR compliance for recruiting.