• by Ray Schultz , March 22, 2018

Most companies are ready to recruit candidates under the General Data Protection Regulation (GDPR). But they are worried about the impact of the new law, according to How Companies Plan To Recruit Under GDPR, a study by Lever.

Of 500 professionals surveyed in the U.S. and EU, 73% are working with legal counsel to prepare and 28% are budgeting significant resources. Over 70% say they are prepared for GDPR.

However, 61% are concerned about the impact of GDPR on recruiting. And they are taking different measures to comply.

For example, 25% plan to keep data on candidates or three months. But 23% will dispense with it as soon as the job closes.

Another 14% will retain data for one month, and 10% for six months. In addition, 12% will keep it for one year, and 12% for more than one year.

On another question, 40% will collect prior consent to contact candidates for jobs to which they did not apply, and 37% will collect consent to email candidates they source. In addition, 26% will ask for consent to retain data on candidates who were in their systems prior to May 25 -- the date of GDPR implementation.  

“One size does not fit all,” the study notes. "Companies are taking different approaches as to when they collect candidate consent, how long they will store candidate data, and what they do with candidate data after the retention period expires."

Lever reports that the respondents are very concerned about :

• Maintaining full records of all processing activities — 52%
• Determining when to get consent from candidates — 50%
• Determining how long to store a candidate’s personal data before deleting it or obtaining consent — 47%
• Selecting software vendors who will enter into GDRP compliant contracts and meet data security requirements — 46%
• Responding to candidates’ individual rights requests (e.g., for access, notification deletion of personal data, etc.) — 45%