Close this search box.

GDPR for recruitment: the end of the talent pool?

The General Data Protection Regulation (AVG) is important for any organisation and especially for recruiters’ talent pools. For candidates you see at an event, come across on Facebook and LinkedIn, or those who apply for jobs and, unfortunately, aren’t quite the right fit. Useful data to nose around in later on, but unfortunately that is no longer allowed….

How do you handle candidate data under the GDPR legislation?

The language pool is a common and effective method of gathering and retaining talent. In fact, data is collected and retained, which means you have to comply with the GDPR legislation. You must ask permission to collect the data, specify the purpose for which you are doing so, and make the data both clear and transparent.

GDPR legislation: think about your talent pool

GDPR legislation applies Europe-wide and can be enforced on a large scale. Authorities can impose a fine in the amount of 4% of turnover up to a maximum of 20 million euros for each violation under privacy law. If a candidate requests access to data collected about him or her and it can’t be provided? Or is it not possible to completely erase the data from the systems? It can, in theory for the time being, lead to large fines.

Note: you are responsible in a practical sense as a recruiter, but the company is ultimately liable. Therefore, it is important to discuss the GDPR legislation internally and develop appropriate measures.

The General Data Protection Regulation (GDPR) is the international name for the Dutch AVG and does not allow for the traditional talent pool. Collecting and storing data randomly was already officially never allowed, but the regulations for this have become a lot stricter. Moreover, candidates are more aware of their rights, so you will have to be more careful about this as a company. A talent pool is a candidate database with a lot of data, making it important to manage it properly.

Exercise: where did the data go?

Many recruiters are not fully aware of all the data they collect and where it ends up. That’s not surprising either, as evidenced by an exercise you can easily do yourself.


Gather all the data you collected from the last 15 candidates. More importantly, find out where that data ended up. Did you perhaps share anything with colleagues, are the printed papers on your desk or have you stored them digitally in multiple locations? And who has access to that data? And who might also have made a printout to work on it elsewhere?

You will find that candidate data spreads at lightning speed and you will find it difficult to make it clear and transparent. This is important, in order to comply with the new GDPR legislation.

Make recruitment data clear and transparent

The talent pool is enormously valuable, and thanks to technological advances, data collection and retention is easier than ever. Meanwhile, keep in mind that new privacy laws have come into effect and candidates are becoming more aware of their rights when it comes to personal data.

At Ubeeo, we always ask candidates explicit permission to store their data. We have administrative procedures to prevent errors and also provide opportunities to create new contact moments. For example, as soon as you want to ask if you can use a candidate’s data a little longer so you can highlight a new job opening or other valuable information.

Curious about how we at Ubeeo work 100% GDPR-proof and how we can help you with that? Call us at +31 (0)10 820 29 10 or use the contact form.