GDPR’s Unintentional Role in Improving Candidate Experience by Ankita Poddar

Once upon a time, ATS systems stored millions of stale resumes of any candidate that happened to cross their path. When new roles opened and well-meaning human beings attempted to apply or refer, these systems would mostly say, “Resume already exists in database.” If one were lucky, the ATS would say, “Hey! New resume. Let me replace the old one” and if luck had truly run out, it would save two versions, leaving the poor recruiter confounded. Then suddenly, GDPR happened. Well, in all fairness, the world had two years to prepare, but given the love of last-minute manic madness, it surely feels like suddenly.

Imagine a world where you could collect data of only those candidates who you intend to reach out to within 30 days. Sounds outlandish, doesn’t it? With GDPR, recruitment now has a fresh chance to re-think its modus operandi. Candidate data security hasn’t received its due attention and it is finally time to get around to doing it right.

The more I think about it, the more I realize that with the many processes that GDPR nudges us to rethink, there lies an opportunity to amp candidate experience to the next level. All the things GDPR requires us to do, we should have been doing a long time ago. This change could end up being the punchline in our employer value proposition. It is a fantastic way to say ‘we care’ to all potential candidates. Let’s take a look at how GDPR is going to impact candidate experience at three different points of time and why it’s a good thing.

Reaching out to a candidate for the first time  

With GDPR in place, one now needs to source candidates for a specific, legitimate reason instead of aimlessly building the talent pool. If you have sourced candidate information, it is advisable that you reach out to them within 30 days. When reaching out, let them know what data you hold about them or direct them to a place that gives them further information regarding this. Let candidates know that the organization collects only information that directly influences a hiring decision. Any other data such as ethnicity, age, etc. not necessary for recruitment purposes will not be collected. Taking time to do this at this stage makes for a very pleasant experience for a candidate. After all, who doesn’t appreciate transparency?

Closing the loop

There exists a golden rule in recruitment - while you will definitely keep in touch with successful hires, it is also important to let the others know that they didn’t make it and why (Auto-generated e-mails are CHEATING!). Once again, GDPR is here to help. GDPR requires that we delete all data about candidates who will not be considered for further roles. If it is determined that a candidate is unlikely to be qualified for future roles or is no longer relevant, then their data must be deleted. Hence, once the role has been filled, reach out to unsuccessful candidates to let them know what you intend to do with their data. If you’d like to keep a candidate in your talent pipeline, inform them you are processing their data. Also, let them know how long you intend to keep the data. If it is for a period of one year, at the end of the year, it is required that you either delete the data or send out another note stating that you are retaining it for longer. This gives a chance to personalize rejection emails and stay in touch with a potential candidate.

Data Requests

A big part of remaining compliant with GDPR is to be able to help candidates exercise their rights under this law. Under GDPR, candidates can now ask for access to data (their own) that the organization stores. Candidates can also request organizations to modify or delete the data that they hold. Given the 30-day window within which these requests need to be serviced, recruitment teams will now need to scrub their tools and systems in order to comply. It is necessary to make it easy for candidates to understand the guidelines and process to request, modify and delete personal data. The process itself, too, needs to be simple and easy. Ensure that you communicate these processes clearly on your website and/or your terms and conditions. Your candidates will thank you for it.

Of all the consequences that GDPR has on the world, improved candidate experience may well be the best unintentional outcome. It presents us with the opportunity of a fresh start and improved experiences. Take it and run with it. It might just be key in making you their preferred employer.


This article is brought to you exclusively by The Business Transformation Network.


Ankita Poddar is HR Business Partner at Amazon

Ankita is an HR professional based out of India. Identified as one of the top emerging young HR leaders in India in 2016, Ankita’s experience as an HR Business Partner gives her the opportunity to work closely with business leaders, innovate and execute on the behalf of customers especially in areas of people analytics, employee engagement, rewards and recognition and performance management.

Ankita blogs about all things HR at

You can follow her on Twitter @ankitapoddar.