Recruitment professionals receive and handle sensitive data from their candidates and applicants on a daily basis. Data can range from identification, work history, education and contact details – all of which must be handled properly throughout the recruitment process.

Handling and storing data has made its way to the top of every recruiters’ priority list in recent years, with the introduction of GDPR in 2018 being a landmark moment for everyone to consider data protection as a necessity. So, how can recruiters make sure they are sticking to the guidelines and handling sensitive data properly?   

Handling personal data with care

Before a candidate submits or agrees to provide their data to you, they need to be informed as to why you need specific information, what you will do with it, how it will be stored, how the applicant can retrieve, amend or delete it and how they can use their right to anonymity. Being transparent and cooperative about handling an applicant’s data creates respect and trust for all parties. Data collection can only begin once a mutual agreement between the applicant and the talent professional or company has been formed.

By law, specifically recent data protection legislation, an individual’s sensitive personal information is protected. This means that companies who use someone’s data without having gained their prior approval or are negligent in their use of that data are culpable for causing severe harm to the individual as well as fines or court cases for the misuse of data. Companies should have a comprehensive privacy policy that upholds the promise to protect a user’s data while they collect, handle, process, use and transfer it.  

Ensure you process data in accordance with regional and global laws or which complies with data privacy legislation. When recruiting remotely or internationally, it’s important to understand regional data security requirements and requirements in addition to the international laws that apply to the sensitive data you receive. For example, if you hold data from people who are governed by EU laws, know and understand the General Data Protection Regulations (GDPR). Data that ends up in the wrong hands can be detrimental. Not only does it mean that a data owner’s rights have been violated, but the company that facilitated or caused the breach can get in serious trouble.

Safe and secure data storage

It’s no secret that there’s a wealth of resources and tools available to the recruitment community to support various stages of the hiring process. From receiving resumés and cover letters to requesting good standing certificates and identification documents, the need to store personal data securely is warranted. Beginning with a company’s website, process candidate information securely to safeguard it from cybercriminals or hackers. Internally, establish processes where only relevant recruitment staff can access candidate resumés and data. Create a method of how and when to erase successful and unsuccessful candidate data. Secure your data collection activities online from hackers using a reliable VPN that will encrypt your web traffic. Employ trustworthy security software to safeguard company devices and the sensitive information they contain. Update your software regularly so these improved security measures can protect your device and the data. 

Only obtain what you require

To streamline processes, only collect information necessary for accurate hiring decisions. Are your questions and data collection points relevant to the role advertised? Are political, religious and cultural belief questions mandatory for the job, or might they cause unnecessary discrimination? Use high-level security folders or resources to store the information you collect on each applicant. 

Encryption is key

Encrypted emails should be a company-wide standard to protect third party abuse or hacking of a candidate’s sensitive information. Recruitment related email encryption can protect sensitive data from external and internal threats and malicious cyber crimes. Set complicated passwords for email accounts, device sign-in, social network accounts, recruitment platforms and databases. Ensure no two passwords are the same and reset them regularly. 

Utilise IT

If a company doesn’t place technology at the forefront of its hiring processes, IT consultants or professionals can inspect systems, processes and activities to pinpoint any weak points for cybercriminals to infiltrate. Data security is not a task to be second-guessed. Reputable IT solutions and professionals can help this cause. 

Blockchain: the unlikely hero?

Companies that use fully digital recruitment platforms are at an advantage as they can interact with a pool of pre-verified candidates who control how they share their data and with whom. 

The use of cutting-edge digital technologies such as blockchain adds another layer of protection to an applicant’s sensitive data throughout the hiring process. User-centric and technology-led data storage allows hiring companies to focus on the most critical task at hand — hiring the best candidate for the role. 

Companies should plan ahead and have a data protection strategy in place to evade harmful cyber threats, security risks, sensitive information leaks and data misuse. Innovative technology, such as blockchain, is a secure way to improve data security and data collection processes.

Treat your applicant’s sensitive information just as if it were your own.