How to be GDPR compliant with Homerun

Being GDPR compliant while hiring is simpler than you think. Especially if you're using Homerun. Here's why.

GDPR! Perhaps you've heard of it. It's a regulation in EU law all about how companies are required to handle personal information (like candidate info). This regulation affects how you hire. In this article we explained each GDPR rule and how it relates to hiring.

We realize that the tasks that come with being GDPR compliant can be overwhelming, especially if hiring is not your main or only role. You need to regularly delete data, make sure you have permission to store all candidate info and make sure it's all accurate. All of this requires a lot of organisation and planning. This all becomes a lot easier with Homerun, a hiring tool that will help you attract talent and manage candidates. Along with powerful features that allow you and your team to hire faster and more effectively, Homerun makes it easy to be GDPR compliant. Let's get into it:

Homerun features that make it easy to be GDPR compliant while hiring:

1. Add a consent checkbox on your application forms.

When candidates apply to a job at your company, they fill in your customised application form. You can include a checkbox on this form that asks the candidate's permission for you to store the information for a specific amount of time. How long this time span is, is up to you! This is your data retention period.

How this helps you be compliant:

GDPR requires you to inform candidates what information you're collecting from them and how long you'll store it.

2. Easily find and delete candidate information in bulk.

Filters allow you to find out which candidate information needs to be deleted based on: a) the date of application, or b) the date when the retention period ends. And then you can simply bulk delete it.

How this helps you be compliant:

It might be scary to delete candidate information that would actually be nice to keep just in case, but GDPR doesn't allow you to keep this information indefinitely. You have to choose a data retention period and delete data based on this.

3. Automated emails make it easy for you to extend a candidate's retention period.

Do you feel there might be a position coming up for people in your talent pool? Ask to keep their information longer with automated emails. If the candidate agrees, then the retention period will be changed automatically without you having to do anything. You can also use this feature to get permission to manually add a candidate to your talent pool (someone you found on LinkedIn, for example).

How this helps you be compliant:

If you want to keep candidate information longer than you've asked permission for, you have to ask the candidate's consent to extend their retention period. You also have to ask permission to store any information from candidates you've found yourself (sourced).

4. You can link to your privacy statement in all of the relevant places.

Upload your privacy statement once and it'll be linked on your career site, job posts and application forms. Rest assured that your providing candidates with full transparency on all of your hiring pages.

How this helps you be compliant:

GDPR requires you to be extremely explicit and transparent about what data you collect for what purposes. This requires a more extensive explanation: a privacy policy. Your privacy policy needs to be easily accessible for candidates. It's also a good place to mention how you're handling cookies (more on that below).

5. Easily place cookie notices on your career site and job posts.

With Homerun you can make use of tracking cookies that are used to enrich jobs posts and measure the success of your hiring. You can also add your own cookies with custom code. If using these cookies, you can easily add a cookie notice that allows visitors to opt in to being tracked by your cookies. In your cookies notice you can link to you privacy statement.

How this helps you be compliant:

The information that cookies track also counts as personal information. That's why you have to inform your candidates what information you're tracking, what you use it for and how long you store it. It's also required that your page visitors opt in to being tracked by cookies. That's why the cookie notice gives the choice to leave the Homerun page without any tracking cookies, or to click Settings to select which cookies they want, or do not want.

6. You have full control over what your team has access to

Perhaps not all candidate information should be shared with everyone who is involved in your hiring process. You can give different permissions to different people. For example, you can give your company copy writer access to the live editor of your career site while locking away personal candidate information.

How this helps you be compliant:

Part of GDPR is about keeping candidate information safe. This means taking careful measures to make sure personal candidate information doesn't end up in the wrong hands. It's good practice to only give team members access to this information, if they really need it.

7. You can rest assured that Homerun has you covered when it comes to all things GDPR, security and privacy.

We've done our research and implemented everything you need to hire while being GDPR compliant. We take privacy and personal data protection into account in every aspect of Homerun's intuitive hiring tool. For example we make sure all our data is safely hosted in the EU and that all of our services are secure (HTTPS). For more info on how all of these features work have a look at our help center. If you have any questions about Homerun and GDPR please reach out to our privacy officer, Rita at privacy@homerun.co.

Related articles

Start your free
Homerun trial today