Menu

Recruitment websites, GDPR, how does it effect recruitment agencies

The hot topic of the moment is GDPR. Due to come into effect in May of 2018 GDPR or the General Data Protection Regulation has been created in the European Parliament by which the Council of the European Union and the European Commission aim to increase data protection for all individuals data inside the European Union and (post Brexit) the United Kingdom.

There is much uncertainty over GDPR from the I.C.O regarding enforcement due to lack of clarity regarding consent of data collection, however, we feel that if you follow the simple guidelines as set out in the GDPR then your business will be operating on the right side of the legislation.

The main points are as follows:

  • Data security
  • Intrinsic privacy
  • Data processing transparency
  • Data access and portability
  • Right to be forgotten
  • Data breaches

I will try to go over these main points separately and how they might effect your online recruitment platform.

Data security

Security of data should be the number one priority of any business. When a user enters information on to your website, they do so with an expectation that your website and associated systems will keep their data secure. Unfortunately this notion seems to have been lost over the years with poor low quality plugins and modules created by low quality developers more intent on making a quick quid than a secure and sustainable product than writing secure code, unfortunately the only one that suffers by this is you the recruiter because the buck stops with you if there is a data breach., it is you and you alone that has to report the breach, gets the fine and loses any credibility you had with both candidate and client when one of these inevitable breaches occur. How can you mitigate your risk? I hear you asking! You can mitigate your risk by choosing your recruitment partner wisely, assessing their product and asking questions. For example here is a recent search (November 2017) for the popular CMS system Wordpress and its associated plugins and themes https://wpvulndb.com/ It shows 9,256 vulnerabilities. There are many so called recruitment website developers that use this system, its themes and plugins to create your website so the chances are pretty high that there is already an attack vector in your website which could lead to a potential data breach. Two of the major data breaches in 2017 were on websites running Wordpress themes and plugins; these were big companies with large I.T departments so if it can happen to them it can happen to you!

Intrinsic privacy

Privacy is the bedrock of the GDPR and keeping candidate or user data secure (as above) and restricted to a subset of your employees is pivotal to your GDPR policy. Locking out prying eyes to sensitive data is integral to maintaining and audible paper trail for the ICO.

Data processing transparency

As far back as I can remember recruitment websites and job boards have collected as much data from candidates as possible with a very wide remit of how they intend on using or processing that data. They have shamelessly sold that data on to third parties, burying notification of this deep on their terms and conditions. With GDPR this will now be stopped by means of Data Processing Transparency. As a recruiter or job board you are now obliged to explain to the candidate in clear terms why you are collecting their data and what you intend to do with said data. You are also obliged to notify the candidate of ALL third parties whom you may send the data to; including ATS systems and third party CRM systems. Adding to this you also need confirmation from afore mentioned systems that they are GDPR compliant and they intend to have the same respect for the user data you have sent them including security. Knowingly sending data to a third party who is not GDPR compliant will likely result in a large fine.

Data access and portability

The GDPR also outlines criteria for users accessing data held on them and being able to export it in a format easily interchangeable between platforms. In laymen’s terms this means that you must have a section on your website or easy path for a user to view and download data you hold about them. Downloading the data needs to be in an interchangeable format; two formats spring to mind here: JSON,XML, CSV plus any of their resumes you might store. Curretnly the law allows a ÂÃ'£10 charge for this service, however, GDPR will abolish this cost and thus access requests will certainly rise. Also noteworthy is that under GDPR you will have to respond with the data within 30 days of the request.

Right to be forgotten

One of the main problems with a company holding user’ data is be able to have them remove it from their database(s) and systems. Until now there has been no clear mandate that might force a company to perform this procedure, this is in part due to ambiguity toward data ownership once it hits the company systems and infrastructure. Fortunately GDPR removes the ambiguity and states quite clearly that users have the right to be forgotten. This means that your system must allow for a user to submit a form or contact you to process them out of your platform and forget them forever, failure to do this will likely result in a large fine. There are circumstances in which you can refuse to comply with the right to be forgotten, you can view these at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-erasure/

Data breaches

Data breaches must now be reported to the relevant governing body (normally the ICO) within 72 hours providing they fall into certain criteria. The following quote from the ICO website explains this best

'You only have to notify the relevant supervisory authority of a breach where it is likely to result in a risk to the rights and freedoms of individuals. If unaddressed such a breach is likely to have a significant detrimental effect on individuals â€ââ'¬Å" for example, result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage.'

Taking this into account and with the nature of candidate data (includes a lot of history regarding the candidate which may be used to commit identity fraud) you will most likely have to notify the candidate(s) directly plus the relevant governing body following a data breach on your recruitment website.


Is your current platform ready for these changes? Can it cope with these changes before they come into effect in May 2018? My suggestion is that you contact your developers and talk to them asking them to explain the ways they implement or intend to implement the main points of GDPR and if you get stuck give us a call, we’ll happily explain the ways we already implement all of the above points and for the most part have been implementing them for years!


For more information on GDPR from the ICO website can can visit https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/

Comments are disabled

About the author

As both a co-founder and director of Nodex, Alex also heads up the development for the company. Alex has over twenty years experience in recruitment, technology and how technology can be applied to recruitment to make it more efficient. All of the Nodex platforms have been developed from the ground up under the direction of Alex, who, personally hand coded a large portion of the millions of lines of code our platforms run on.

Alex is an industry authority on performance, security, accessibiity, all things web and how recruitment software ties in to the other aspects of recruitment.

More articles by Alex McAuley →

Filter articles by

What clients & recruiters say about us

Andrew, Alex and their team are highly knowledgeable and fully understand the needs of a recruitment business, which shows in the recruitment software they have developed. The CRM platform is very user friendly, has all the functionality that you would expect to see (if you don’t, they will design this for you) and is regularly updated. The set up / changeover process is swift and straight forward and the team are always there to support when needed.

I will be recommending Nodex to my network for anyone that is looking for a Recruitment Website or CRM.

(From Trust pilot)
Vet Seekers
Not only was the service exemplary, the quality of my website and CRM is outstanding. Brilliant value for money. The team at Nodex have given my business their undivided attention and care during this process. I wanted a site that was easy to use and looked slick; Nodex have delivered tremendously. The Nodex CRM is easy to use, affective and concise. I am very pleased. I would recommend Nodex in a heartbeat. Fantastic work guys, thank you very much. (From Trustpilot)
Dara Recruitment
When seeking a web designer for our new recruitment business, I initially approached a number of web design companies. Once I spoke to the team at Nodex, I knew straight away that they were the most knowledge company in their field. The service offered by the team at Nodex has been exceptional. They were on hand to offer advice, make adjustments and were very supportive from start to finish. I would recommend Nodex without any hesitation. Thank you!
Antella Recruitment
Cannot rate the guys at Nodex enough, brilliant service from start to finish. Following the initial call with Andrew we knew the guys would look after after us and we weren’t wrong. Through every step of the process we received brilliant customer service and nothing was too much bother for them. If Heineken did web design then it would be by these guys! Already onto our next website with them. (From Trustpilot)
Big Ant Group
Exceptional service!! Nodex have been great throughout. The website and Recruitment CRM is absolutely amazing and has really helped us with the day to day running of clients and candidates. We would highly recommend Nodex to any recruitment agency looking for a website and/or CRM. 10 out of 10 (From Trust Pilot)
Global Vet Recruitment
We recently migrated to the Nodex CRM, taking up the opportunity to move to a nodex website as part of a fully integrated solution. Well...WE'RE DELIGHTED WE DID! Really pleased with the user experience, it has improved work efficiency no end, and the team love it. Extremely responsive support on any queries we raised. (Via trustpilot)
Orchard Recruitment
Andrew and the Nodex team have been superb from the moment I asked for a demonstration on their CRM and i knew they would be the right business for me from them. Really easy to speak to, helpful and will go out of their way to provide first class customer service. Andrew has gone way beyond what I would normally expect and has helped me with tech issues outside of the actual Nodex products. Their CRM offers real value, easy to use and allows you to do far more than other options on the market and for a lower price! The connection with my company's website is also brilliant. I look forward to continuing to work with Nodex for the long term! (From Trust pilot)
Treasury search
A fantastic fast and easy service to use, along with a very supportive team at Nodex. Its helped spend less time on admin and more on selling. This CRM makes the workflow smarter. I would recommend it to anyone.
Global Pets Recruitment
Guys at Nodex are very knowledgeable, friendly and provide outstanding service. I was looking for a company to revamp our existing website, the team went through our old website and highlighted the issues that we needed to fix. They have done an excellent job in putting our new website. Would definitely recommend them to anyone looking to build a website. (From trust pilot)
Mera Peak Recruitment
I had a great experience working with Nodex, they were extremely helpful from start to finish, always on hand to answer any queries or concerns. They know what they are talking about and offered some excellent advice in ways to maximise the fullest potential of my business website. The whole process was extremely efficient and the team went above and beyond in achieving my company vision. (From Trust Pilot)
Hero recruitment

 

Template based recruitment website pricing

We operate a Pay Monthly solution for our recruitment platform. Pricing for this starts from £99 per month with a one off nominal setup fee of £299. This has everything you need to operate your recruitment website, including: our stellar professional website hosting, SSL certificates, daily website backups, minimal website updates and email support.

This is our preferred method of sale as it balances out the risk of a large outlay between both you and us, thus freeing cashflow to allow you to concentrate on marketing your services and growing your business.

We also offer more comprehensive monthly packages tailored to suit your needs.

Custom designed recruitment website pricing

If you would prefer a bespoke website design we can certainly accommodate your needs. Our initial build fee starts from £995. Included in your package is everything listed in the Nominal Fee Setup with the main difference being the length of your initial contract. If you would like to discuss available options please get in contact.

Each design is quoted on a client by client basis and starts with a brief, outlining your goals and requirements.

Please note that the setup fee is dependant on theme and services / functionality required for your project. Each project is quoted on an individual basis. Please get in contact to discuss your options with one of our experts today.