GDPR and data protection compliant recruiting: 2 x 6 last-minute tips for the new law

Published by Best of HR - Berufebilder.de®, by Simone Janson.

The time has come: from 25 May, the EU General Data Protection Regulation (GDPR) applies. Anyone who violates it will face heavy penalties. An applicant management system automates all necessary processes, storing and managing data centrally in one place. In addition, the data-protection-compliant handling of all data is completely verifiable. Find out from the checklist whether you have thought of everything.


Author: Tobias Tiedgen is Managing Director of the Hamburg recruiting company d.vinci.

GDPR in relation to HR


The General Data Protection Regulation concerns the entire processing of personal data in companies. With the entry into force of the GDPR, recruiters are required to record all processing activities.


They must ensure that data processing is permissible through technical or organizational measures, design the technology in a privacy-friendly manner, assess the data protection impact and report data breaches. When handling applicant data, six principles must be adhered to:

  1. Transparency: Data must be processed in a manner that is comprehensible to the data subject.
  2. Purpose limitation: Data from an application may only be used in the context of the application process and must be deleted once it has ended.
  3. Data minimization: Only data necessary for the purpose of the data collection, i.e. for the recruitment process and the candidate selection, may be collected.
  4. Accuracy: All data provided must be correct and up-to-date at all times.
  5. Storage limitation: Data may only be stored for as long as necessary.
  6. Confidentiality: The security of personal data must be guaranteed. This includes protection against unauthorized or unlawful processing and against unintentional loss, accidental destruction or accidental damage through appropriate technical and organizational measures.

1. Store data within the EU


Without an IT system of your own, compliance with the new legislation is hardly possible. Anyone who hires a provider should make sure that the provider and any third-party providers store the data in the EU, preferably in Germany. In addition, only the data necessary for the provision of the service should be transmitted. Check which service providers and which software (e.g. an applicant management system or a CRM system) are used to process personal data. The data processing agreements should be adapted to the new provisions of the GDPR. Ideally, the service provider supplies a new data processing agreement that you as a customer can easily accept and save.

Even better is if your supplier is ISO 27001 certified. This ensures that the business and legal requirements are met. Be aware of the scope of a certification, and verify that all processes of the vendor that processes your data are certified, not just the data center.

2. Have your privacy statement verified


From 25 May, applicants must be asked to accept the privacy policy. In an IT system, this can be solved by requiring candidates to actively consent to the privacy policy via a checkbox before sending their application. It must contain:

  • the reference to technical and organizational protection measures,
  • deletion periods,
  • the purpose of processing and
  • the reference to the use of cookies.

For the greatest possible transparency, I recommend resending the link to the privacy policy together with the confirmation of receipt. The easiest way to do this is via a correspondence template in the system.

But what about applications sent by email? In that case, you should email the interested person in advance and ask them to transfer the data to the applicant management system.

Incidentally, the consent to the privacy policy also applies to employee recommendations: if these are not handled via a separate tool, the employee who submits a friend's application directly to the HR department must be able to prove the applicant's consent. Otherwise, the HR department may not accept the documents.

3. Restrict viewing permissions


Make sure that viewing permissions for applicant data are always restricted. The data may only be accessible to those who are involved in the application process, such as the HR administrator or the works council.

If, however, the drive is open to others, you leave candidates' documents on your desk, or you share a calendar with colleagues that lists job interviews by name, you disclose the identity of applicants and clearly violate data protection. If you use an applicant management system, you can control access to documents with a role and rights concept. But beware: never pass on login data!

4. Delete data


In the future, it must be possible to prove that data is deleted after a certain time. However, there is still no legally binding definition of the periods. For our customers, deletion after four to six months has proven effective. In any case, the data is retained until the two-month period for a discrimination claim has expired, so that discrimination allegations can be refuted in case of doubt. An automated deletion period can be easily implemented in the system.

In addition, I recommend that recruiters include the reference to data deletion directly in the rejection letter in order to anticipate queries from applicants.

5. Applicant pools must also be compliant


Candidates who do not fit the advertised position, but may be eligible for another post at a later date, may be placed in an applicant pool. The aim of applicant management is to support the application and selection process with IT and thereby make the work processes largely automated and efficient.

In detail, an applicant management system enables:

  • increased transparency for applicants, recruiters and departments
  • data entry by the applicant, and thus time savings and error prevention
  • shorter reaction times through standardized processes and reminders
  • documentation of the recruiting process
  • standardization of recruiting processes
  • improved candidate selection
  • optimization of recruiting channels
  • a reduction in recruiting costs
  • a modern employer image, internally and externally.

But: the candidate must be asked in advance whether they also explicitly agree to be included in the pool and thus to longer-term storage. In addition, they must be informed about the associated deletion deadlines.

It is advisable to use an automatic mechanism that reminds the HR department in good time to seek renewed consent for further storage in the pool. At the same time, it is also possible to ask whether the data is still up to date (principle: accuracy).

6. Privacy also applies to employees


What applies to applicants also applies to employees. Many companies use pictures of their employees in their external communications. A general authorization is not enough here. Employees must consent individually for each channel of use (website, social media, posters for e.g. trainee campaigns, etc.).



Due to an editorial error, the first version of this article incorrectly included references to service offerings. However, since the article is a neutral technical contribution, these promotional items have been removed. We apologize for the error.
