Forecasting the future of recruiting operations with Jeremy Lyons


GDPR (General Data Protection Regulation) is a piece of legislation that is designed to strengthen and unify data protection laws for all individuals within the European Union. The regulation will come into effect and be enforceable on May 25, 2018.

General Data Protection Regulation (GDPR) replaces the Data Protection Directive (DPD 95/46/EC) and enhances the rights of EU individuals over their data and strengthens data privacy. GDPR will fundamentally change the way organizations across the planet approach data privacy.

Despite being a European Union regulation, GDPR impacts all businesses across the world that process or control data of European citizens.

What is the aim of GDPR?

The main purpose of the GDPR is to offer EU citizens (including the UK) a high level of protection from data breaches and strengthening the privacy of an individual's personal data. Under GDPR, the concept of “personal data” is very broad and covers any information relating to an identified or identifiable individual (also called a “data subject”).

GDPR grants people i.e the customers, citizens etc, a range of data subject rights, which they can exercise in certain conditions or situations, albeit a few exceptions.

In summary, here are some of the key changes to come into effect with the upcoming GDPR:

  • Expanded rights for individuals
    The GDPR provides expanded rights for individuals in the European Union by granting them, among other things, the right to be forgotten and the right to request a copy of any personal data stored in their regard.
  • Compliance obligations
    The GDPR requires organizations to implement appropriate policies and security protocols, conduct privacy impact assessments, keep detailed records of data activities and enter into written agreements with vendors.
  • Data breach notification and security
    The GDPR requires organizations to report certain data breaches to data protection authorities, and under certain circumstances, to the affected data subjects. The GDPR also places additional security requirements on organizations.
  • New requirements for profiling and monitoring
    The GDPR places additional obligations on organizations engaged in profiling or monitoring behavior of EU individuals.
  • Increased enforcement
    Under the GDPR, authorities can fine organizations up to the greater of €20 million or 4% of a company's annual global revenue, based on the seriousness of the breach and damages incurred. Also, the GDPR provides a central point of enforcement for organizations with operations in multiple EU member states by requiring companies to work with a lead supervisory authority for cross-border data protection issues.

How Recruit CRM complies with GDPR?

Recruit CRM fully complies with GDPR in our role as a data processor. GDPR is a complex piece of legislation and we've been working with privacy experts and our attorneys to be sure we're completely compliant with GDPR.

Here's a high-level overview of what all we have done in order to be GDPR compliant.

  • Appoint a Data Protection Officer
  • Thoroughly research the areas of our product and business impacted by GDPR.
  • Rewrite our Data Protection Agreement (Privacy Policy)
  • Develop a strategy and guidelines for how to address the areas of our product impacted by GDPR.
  • Perform the necessary changes/improvements to our product based on the requirements. (You can find the details in the “Acknowledging Data Rights” section)
  • Implementing the required changes to our internal processes and procedures required to achieve and maintain compliance with GDPR.
  • Thoroughly test all of the changes to verify & validate compliance with GDPR.
  • Communicate our compliance through our website.

Acknowledging data rights

Here's a detailed log of the eight essential data subject rights and what we have done in order to facilitate the rights in accordance with GDPR, to ensure the privacy and security of our customers:

1. Right to be informed

What does it mean?
Individuals have the right to receive clear and accurate information about how a business has acquired their data, who is processing the data and why, and how will it be stored and used.

How Recruit CRM complies?
When candidates use the job application page to apply to jobs, Recruit CRM gives candidates an opt-in button with a privacy document that tells candidates how data will be used. When you manually add candidates into the system it is your duty as a “Data Controller” to inform your candidates about how you will use their data.

2. Right to access

What does it mean?
Individuals will have the right to request access to the personal data that the organizations own about them.

How Recruit CRM complies?
Our “Update Resume” Feature allows you to send your candidates a link they can use to access all the information you have stored about them.

3. Right to rectification

What does it mean?
Candidates will now also have the ability to edit, update and rectify any missing or incorrect or outdated information that has been stored about them.

How Recruit CRM complies?
With our “Update Resume Feature,” you can send your candidates a link that they can use to update their information or resume/CV.

4. Right to erase

What does it mean?
Candidates will be able to request the organizations to delete their personal data or submit a “request to be forgotten” at any time if they no longer want their data to be stored or processed.

How Recruit CRM complies?
If a candidate or client requests that you delete their information, you can simply select their record in Recruit CRM and click on delete. We erase the record and all associated files immediately.

5. Right to restrict processing

What does it mean?
Individuals have the right to request a restriction on the processing of their personal data, pertaining to certain conditions or circumstances. When processing is restricted, data controllers are permitted to store the personal data, but not use it. An individual can make a request for restriction verbally or in writing. Organizations will have one calendar month to respond to the request for restriction.

How Recruit CRM complies?
If a candidate asks you to not delete but restrict their profile. For example, keep it in your system but not send them messages about new opportunites or send their profile to hiring managers. To help you stay compliant, Recruit CRM lets users tag candidates so that they are no longer sent to hiring managers or contacted for open job opportunities.

6. Right to data portability

What does it mean?
Individuals have the right to transfer data from one electronic processing system to and into another electronic processing system at will, and if requested, companies have the new GDPR standard of 30 days to comply to the request. For eg: switching from one social network to another or from one cloud provider to another.

How Recruit CRM complies?
To extract your data from Recruit CRM, Click on Admin setting on the left side bar and go into Account, here you can click on the “Export Data” and you will be able to download a zip file with all your data.

7. Right to object

What does it mean?
Under GDPR, candidates have the “right to object” i.e the data controllers can say that they no longer want the personal data processing to be carried out. In practice, the data subject can exercise the right to object more so with things related to direct marketing.

Recruit CRM complies?
We let users tag & filter candidates & contacts that don't want to receive emails. This allows candidates and clients to opt-out from any communication from the recruiter.

8. Rights in relation to automated decision making and profiling

What does it mean?
GDPR has provisions on making a decision based solely on automated means without any human involvement. And also automated processing of personal data to evaluate certain things about an individual i.e profiling. Profiling can be part of an automated decision-making process. GDPR applies to all automated individual decision-making and profiling.

How Recruit CRM complies?
All activity in Recruit CRM, from the submission of eligible candidates to job openings to emailing contacts is done by a 'human' user who makes the decision to perform that specific action.

Advanced Security

In case your data is stolen or lost, and if the concerned data breach could harm you, then it is the job of the data processor to inform you about the data breach without any undue delay. In the light of recent malware attacks like WannaCry, Meltdown this right is of utmost importance to the individuals.

As a software company, we take our customers data and its security very seriously. All your data is encrypted and stored in world class data centers managed by Amazon Web Services (AWS). We also use many services provided by AWS to ensure that data is frequently backed-up and available.

We have implemented dozens of changes and taken lots of steps in order to help you embrace changes brought about by GDPR, as easily as possible, while continuing to focus on our mission of making recruiters lives simpler with awesome software.


This information should serve as background information to help you understand how Recruit CRM has addressed some important GDPR requirements, that you are legally obliged to comply with, under EU laws.

If you have any queries, you may send them to support@recruitcrm.io

Last updated: 20.07.2023

Forecasting the future of recruiting operations with Jeremy Lyons


⏳ Limited spots left. Register now!