As part of our on-going series of breakfast forum events that we host for in house recruiters in the North East (UK), Muckle LLP led us through the upcoming GDPR regulations, and specifically how this affects recruiters.


However, we feel that if you are currently following best practice, with a few tweaks and a bit of due diligence, May 2018 shouldn’t fill you with dread.


GDPR Checklist

  • Understand and map each piece of data
  • Think – why are you using the data, how long do you need it for?
  • Have you got explicit consent?
  • Do your third-party suppliers have consent?
  • Refresh your data

The ICO provides more detail on helping you prepare.


GDPR Principles

Fair, lawful and transparent processing

Personal data must be processed lawfully, fairly and in a transparent manner.

Specified purpose

Personal data may only be collected for a specific, explicit and legitimate purpose. If you pool candidates for example, you’ll need to check with the individual.

Data minimisation

Limit the data stored to only what is necessary.


You must ensure data is accurate, and an individual has the right to challenge or update their data.

Data retention periods

You must not keep data for longer than necessary – in recruitment that may be a year, but you need to be able to justify this and refresh consent where appropriate.

Data security

You must protect against unauthorised or unlawful access to your data, using technical measures and appropriate processes.


The controller (probably you!) is responsible for and must be able to demonstrate compliance.


Next Steps

 As a recruiter, you need to be aware of how GDPR will affect your processes. It is an area your wider organisation should be looking at, so find out who is responsible and ensure that there is a strategy in place to make sure you are compliant.


There are plenty of specialist legal resources available that can help, and organisations such as the Recruitment & Employment Confederation (REC) are running workshops and providing legal advice.