Close this search box.


GDPR-proof management of candidate data.

Governments, businesses and associations must comply with the European General Data Protection Regulation (GDPR). This means that you are required to handle personal data carefully and securely. Ubeeo ATS helps you become completely GDPR-proof.

Why is GDPR important?

The GDPR improves protection on the privacy of citizens, and that includes the candidates. The legislation prevents personal data from being made public unintentionally, or being used without permission.

The law applies to all companies and to everyone who processes personal data. This is also the case if you collect personal data for recruitment and selection. As the provider of the Ubeeo ATS that processes this data, this also applies to us.

As a recruiter, or in another role, you manage candidate data, i.e. personal data. This includes names, telephone numbers, addresses, email addresses, photos and additional information about religion, ethnicity and health. Ubeeo ATS helps you become completely GDPR-proof.

Oo – 1

How do you meet the necessary GDPR criteria?

Publish a clear privacy statement on the careersite, in which you explain what data you collect and why. Do you have a diversity policy, for example? This may be a reason to ask about gender. Determine within the organisation what data you intend to collect, how, and why.

And if you share it with third parties.

And ask candidates for permission if you want to keep data longer than necessary to follow up on a vacancy that is currently in progress.

Candidates have the right to inspect all data you collect about them, including notes from conversations, information you collected through third parties, tags you provided and profiles added in talent pools. Candidates also have the right to erase their personal data. You are obliged to respond this request within a month.

Tip: did you know that a blacklist for recruitment within the GDPR is not automatically permitted? Read our blog to find out how this works.

Combine our fresh web design with seamless integration.


Become 100% GDPR-proof with Ubeeo

Ubeeo automatically determines the retention period for each candidate. One week before this period expires, candidates receive a request to renew their account. If they don’t renew? Then Ubeeo anonymises the data. We even replace the unique number in the database, to make sure that lists can no longer be linked. The data will be deleted after 3 calendar years, because the mandatory reporting period will expire.

Candidates log in to the candidate portal after submitting their application. There they can view their data, delete the account or extend the retention period.

Give hiring managers and other evaluators access to system components to retrieve resumes and other data. Prevent unsafe emails with candidate data.

Tools that automatically store data from LinkedIn profiles, for example, are blocked. It used to be the wild west, but now it’s 100% GDPR-proof.

ISO27001 and ISO27018-certified: for privacy protection

At Ubeeo we back up our promises. Therefore we are ISO27001-certified and ISO27018-certified . The ISO27001 standard guarantees data security across the board. We are also certified for the ISO27018 standard, because it specifically applies to cloud providers that process personal data (Personally Identifiable Information, PII).