A great candidate experience is usually near the top of the list of recruitment priorities for most organisations. The better the candidate experience, the more likely unsuccessful candidates are to reapply, and the more likely successful ones are to stay. First impressions count – and in the war for talent it is vital that organisations make a good one.

Self-service candidate portals are one such way to facilitate a good first impression. A self-service candidate portal is a web application where candidates can log in to your careers site, upload documents and apply for multiple jobs without having to start from scratch every time. Candidates can also track the progress of their application, schedule interviews and communicate with internal recruiters in a centralised and secure way. But with the General Data Protection Regulations (GDPR) coming into force in May 2018, a self- service candidate portal may also be the best and most cost effective way for your organisation to promote compliance with the new regulations.

For recruitment, the primary GDPR consideration is how long your organisation retains an individual’s details for. After all, there are very good reasons why you may wish to keep hold of a candidate’s details, regardless of whether they were successful in a job application or not.

Why keep hold of candidate data?

One of the main reasons to keep this information on file would be to recall those details for future opportunities. Proactively contacting a talent pool of previously screened and vetted candidates can save a huge amount of time and energy for all parties involved.

Another strong reason to retain personal information would be to mitigate the possibility that unsuccessful candidates may claim discrimination and take your organisation to a tribunal. As the statutory period for following through with this type of action is three months, there is a clear requirement to keep hold of this data until that period has passed.

The peril of non-compliance

If you intend to keep hold of candidate data, the new legislation obliges companies to make it very clear to candidates how their information will be used. This will need to be at the point of collecting that data, whether that is online or via a physical application form.

This is not the end of the organisation’s obligation, however. The legislation also gives individuals the right to request that an organisation reveal what personal information they hold on file. Companies are required to meet these subject access requests (SAR) within 30 days without cost. They will also need to give these individuals the ability to amend and delete this information.

GDPR could, therefore, be an administrative burden on already stretched HR departments. A few simple SARs at the wrong time could, at best, mean a few late nights for the team, at worst they could be overlooked. Filed away or forgotten – the consequences of this oversight could be serious, and may even be reported to the ICO.

Engaging candidate experience

To prevent these tasks becoming overly burdensome, organisations will need to adapt and enhance existing tools and processes.

The simplest way to achieve this and promote GDPR compliance is to provide candidates with a self-service portal. Here, candidates can check the data that is held, such as contact information, and update the details themselves. Using these tools, a SAR could become much less time consuming and save HR teams a major admin headache.

Self-service portals have another key benefit: they involve candidates in the process. The candidates themselves have a level of control over their data, which is remarkably empowering. It creates a new touchpoint between candidate and organisation, adding a new level of engagement to the candidate experience.

In this way, self-service candidate portals are likely to increase in popularity as the dominant way for candidates to apply for opportunities online.