Under the GDPR, candidates can request a copy of all the information you hold about them.
This is known as a Subject Access Request and must be responded to without undue delay. The information should be provided free of charge and normally within one calendar month of the request being received unless the request is considered excessive when longer timescales can be agreed.
Many organisations however, fail to recognise that when a candidate requests a copy of their personal data, this also includes information such as interview notes.
It doesn’t matter whether the interviewer has handwritten their comments or submitted them directly onto your recruitment software, this is information that the candidate has a right to see and is aware that you hold.
Handwritten notes therefore present a number of potential issue for example:
- Where are these handwritten notes stored?
- Are they uploaded to the candidates account?
- Would an interviewer be able to easily access any notes they made about a candidate they interviewed 3 months ago?
- What happens if the information was lost?
Equally with handwritten notes, the candidate is also aware of how much was written about them – What if only some of the information was uploaded? Can you confirm that the information uploaded is the same as the information written during the event?
With this in mind, many organisations are now creating structured feedback forms and requesting that all notes are added directly within their ATS. Thus ensuring that all personal data is kept securely online and is easily accessible should this be required.
How do your interviewers record their interview notes? Is it time to make a change of your processes?
As an organisation, networx have undergone extensive GDPR training and are recognised as fully Certified GDPR Practitioners.
Whilst every effort has been made to ensure that the information included in this article is accurate at the point of release this should not be relied upon as legal advice or be used to determine how GDPR will apply to your organisations.
We encourage all organisations to seek the advice of a legally qualified professional to discuss GDPR and how best to ensure compliance.