GDPR Compliant Application Forms

Having an ATS does not guarantee compliance with the new GDPR legislation. What it does do though is allow you to centralise all your applicant data in one system. We have and continue to prioritise features that help our customers stay the right side of this new legislation. See below for how EasyWeb ATS does this.

Application forms

All of our application forms can be integrated to include a link for applicants to view your privacy policy. It is a requirement of the new GDPR regulations, which become live in May 2018, that all organisations holding personal data can show that they have gained explicit consent from each user that they are holding data for. See below for how our application forms and job alert registration forms look to gain this consent.

Privacy Policy on Pre-Application Form

Privacy Policy on Job Alerts Registration Form


Automatic deletion of data you no longer have permission to hold

As you probably know, you cannot just hold onto data forever. Your privacy policy needs to clearly state how long you plan to hold onto this data without seeking additional permission from the applicant.

EasyWeb ATS helps to automate this process by allowing us to set a time limit that matches the time limit set out in your privacy policy (see below):

As this expiry date approaches the system will send out emails to the candidate seeking to re-authorise the holding of this data. If the candidate clicks the link to authorise this, the system “resets the clock” on the expiry data. This ensures that data within the ATS can never be held beyond the terms stated in your privacy policy.


Highlighting to applicants when auto-reject questions are being used

The new legislation makes it a requirement for organisations to highlight and gain permission from applicants when they are using automated systems to process their application. As our ATS allows all recruiters the option to use these questions to automatically reject applicants at the point of applying, we will need to display an additional mandatory question to get applicant’s to agree to this when applying to jobs that are using auto-reject questions.


Additional ATS features for GDPR compliance

The following are some Additional ATS features for GDPR compliance that we have also implemented

  • Removal of options for users to forward via email and download applicant’s data

Forwarding via email an applicant’s details to a colleague involved in the recruitment process, is not a breach of GDPR. However, by using the options in the ATS to forward details via email and download details you are increasing the number of places where applicant data is stored and therefore making it harder to maintain compliance. In the coming months, we will be making our ATS configurable so that options to forward via email and download data can be removed for organisations that request it. Users, such as hiring managers, who require access to this data, will need to login to the system to view it.

Upcoming ATS features for GDPR compliance
  • Subject Access Request (SAR) export

GPDR requires organisations to respond promptly to Subject Access Requests. EasyWeb ATS, will shortly be able to provide an export of all of a candidate’s data held in the ATS. This will help our clients to respond quickly and reduce the admin burden on them having to collate information for lots of different parts of the ATS.

Feature is due for release in September 2018


Previous Next