Back to Blog

What I’ve Learned about GDPR from Talking with Bullhorn’s Customers

by on

G-D-P-Are you ready?

Wow. I heard someone say this phrase last week, and now I can’t hear “GDPR” the same.

You’re probably tired of blog posts about GDPR, especially since they’re often not actually that useful. For writers to protect their liability, most blogs start by saying that you need to do your own research and seek your own legal advice.

Which is undeniably frustrating, because you’re probably reading the blog post in the first place as part of your research to better understand GDPR and figure out what to do next!

With that said, let me start by saying that you do need to do your own research and seek your own legal advice (sorry, had to be done).

The truth is, each recruitment agency is unique, and compliance with GDPR will look different for everyone.

While I can’t give legal advice, I’m not just writing this blog post to get clicks. I’m writing it to share recommendations for valuable resources and feedback that I’ve received from other recruitment professionals like you that might be helpful!

Understanding GDPR as a Recruitment Professional

With a million resources available on the web, here are the two most common things I’ve heard from our customers about what was most useful in helping them understand the regulation:

  • The information on the ICO site clearly outlines the core principles of GDPR and connects all the different aspects of the regulation.
  • If reading legal jargon isn’t your thing, listening to a recruitment expert talk about GDPR on the webinar series that Bullhorn hosted, led by Lucy Kendall from ComplyGDPR, is also a great option.

After checking out the ICO website’s information and/or listening to the webinar series, most customers come to the same realisation that there are three key steps agencies should take: Audit, Take Action, and Document. It’s important you take ownership of this, as ultimately the onus is on you, as a data controller, to be compliant with GDPR.

Coming out of this process, one of the more debated topics is which lawful basis makes the most sense for your business. Here is a great tool from the ICO that walks you through the options.

Legitimate Interest vs. Consent

The feedback I get most often is on the issue of determining the difference between legitimate interest and consent. Here are some helpful resources to navigate the tricky subject :

  • The word “consent” is overused, make sure you understand exactly what it requires and that you and your company are confident in your interpretation.
  • Here’s a great article from the ICO about legitimate interest, including a common recruitment example where a recruiter finds a CV on a job board site and relies on legitimate interest to process the information.
  • Remember this webinar from Lucy Kendall at ComplyGDPR? Below are the times where she discusses legitimate interest vs consent:
    • 6:50 – 12:55 (introduction to the differences)
    • 43:55 – 46:08 (sourcing candidates from LinkedIn)
    • 53:40 – 55:01 (strict consent requirements)

Making Sense of the Individual Rights

The final area that I get asked about most is the Individual rights under the GDPR. Depending on which lawful basis you decide to rely on, there are specific rights that the individual (data subject) has, and you as the recruitment agency (data controller), need to be able to support these. You can read all about them here. The ones that I’ve been asked most about are:

  • Right to be Informed:
  • Right of Access
  • Right to Data Portability
  • Right to Erasure

Rest assured, Bullhorn has built some really great functionalities to help you achieve your GDPR compliance goals. Additionally, we partner with the best recruitment technology providers in the industry. These companies are renowned for creating turnkey solutions to help you better manage GDPR compliance and deliver an incredible customer experience.

I hope you found this post valuable. Want to continue the conversation? Tweet me at @_TomBennett. If you have specific questions about Bullhorn’s functionality, please get in touch with us! 


Is your recruitment agency ready for the GDPR? Read GDPR Explained for a breakdown of how the GDPR impacts recruitment agencies and practical advice to help you prepare your business.