Recruitment agencies, there’s no need to panic. Chameleon-i can help your organisation get GDPR-ready – and stay compliant.

There isn’t long to go before GDPR hits.

Any organisation found not to be compliant risks a fine of up to €20 million euros, or 4% of the company’s global annual turnover.

This is an ideal time for a business, to view this as a chance to sort out their data.

Don’t see it as losing out.

Instead, look it as a chance to get organised and more importantly – hold a database full of relevant people for you and your recruiters.

Can’t wait to be GDPR-ready? Click below to head straight to the information you’re most interested in:

Remind me again what GDPR means?

Before we tell you about how wonderful E-mail Integration is, and how much you’ll love that our GDPR module saves you time, let’s remind ourselves what it all means.

GDPR will be enforced on the 25th May 2018 and the initialism stands for ‘General Data Protection Regulation’. Replacing the 1995 Data Protection Directive, GDPR stands to protect the private and personal data of people.

Examples of personal data include your name, surname, location data, a cookie ID and an e-mail address. In a nutshell, personal data refers to any information relating to an identified, or identifiable human.

A breach of data protection is where data that is sensitive, confidential, or protected is disclosed without authorisation – it is this breach that could result in a fine for your organisation.

What does GDPR mean for recruitment agencies?

All organisations, including recruitment agencies, must focus on the following three things – responsibility, consent and transparency.

  1. Responsibility
    Your agency must take full responsibility for compliance. You must be able to demonstrate in records, all stages of consent between yourselves and your candidates.
  2. Consent
    Each processing activity you undertake requires separate consent. Promotional e-mails, vacancy registration – as soon as they have signed up with you, the user must be told what their personal data is for.
  3. Transparency
    Any CV submissions to employers must be for a valid and specific role, and the recruiter must provide the candidate details of this role before the CV is sent.

Two roles have been established for personal data process:

  1. The Controller
    This person determines the means and purposes for personal data processing
  2. The Processor
    This person is responsible for processing personal data on behalf of the controller

For more information on controllers and processors, visit the ICO GDPR guidance report.

GDPR enforcement + penalty information

If an organisation is found not to be compliant with GDPR, they could face one of two types of fines:

  1. Up to €10 million, or 2% annual global turnover (whichever is higher)
  2. Up to €20 million, or 4% annual global turnover (whichever is higher)

The GDPR fines are not mandatory, they will be imposed on a case-by-case basis.

The Information Commissioner’s Office (ICO) will determine these cases, and in doing so, will consider the nature, gravity and duration of the infringement, among other aspects.

How to get your candidate information GDPR-ready

Firstly – don’t panic. It’s not all doom and gloom.

We at Chameleon-i have made life very simple for you with E-mail Integration and our GDPR module.

Please contact us if you would like any help with our module.

The first will help you to organise your data and make sure you’re compliant. The second allows you to keep on top of your data and make sure you remain compliant.

You’re safe with us.

It’s important to view GDPR as a chance to take a closer look at your database and get rid of irrelevant data.

When it comes to organising your data, we can do all the hard work for you:

We can help you find duplicates and merge your records together

Chameleon-i can find all the duplicates in your database. Once found, these records can be merged together, meaning you’ll get rid of unnecessary entries.

Not only is this a great way to clean up your database, it means that you’ll have a correct understanding of who you have.

We can help you get rid of clients with incomplete contact details

Perhaps you’ve forgotten to get anything further than a name – this data is useless to you and we can help you delete these incomplete records from your database.

We can help you cleanse your data by not keeping anyone older than X

Why are you holding onto data from years and years ago? It’s highly likely that these people are no longer relevant to your business.

Choose to act now and delete this information. There’s no need to keep incomplete data that is of no use.

View all candidate and client relationships within our recruitment software

With Chameleon-i you’ll have a communication trial that will demonstrate your relationship with everyone in your database.

It includes the last point of contact and this includes a variety of different activities including meetings, SMS, lunches – everything.

How to stay GDPR-compliant with Chameleon-i

Now that your data is all up to date, it’s worth staying on top of it.

The General Data Protection Regulation requires organisations to safeguard data and improve relationships.

Essentially this means that you must make sure you know who you have in your database and why you have data on them.

Our GDPR module helps you communicate with your candidates and allow them to Opt-in or Opt-out, as well as confirm the data held.

Go ahead and contact us – we’re happy to help if you would like more information.

Benefit from automatic organising with our GDPR Module

This module is so useful to an organisation. You can:

  • Remind your database that you exist
  • Gives your candidates the chance to update you
  • Gives your candidates an opportunity to be forgotten

It takes the time and effort out or organisation your database – so you can have the time and effort to do what you do best.

So how does it work?

Chameleon-i will automatically generate two baskets:

  1. GDPR Contacts
  2. GDPR Delete Contacts

The GDPR Contacts will be populated with candidates that have not been created or contacted within 6 months. This will automatically happen each night, so you can be assured that this list will continue to update itself.

Free GDPR e-mail template

We’ve made it even easier for your recruitment agency to remain compliant with our free GDPR e-mail template.

Our module also allows you to select how old the contacts ‘Last Contacted’ date for a contact to be placed in a GDPR basket.

Choose to ‘Activate GDPR Emails’ and we will automatically:

  • Send an e-mail to each candidate in the GDPR Contacts basket
  • Change the ‘GDPR Status’ field in the candidate record to ‘No Response’
  • Update the ‘Last Contacted’ field to today’s date
  • Remove the candidate from the GDPR Contacts basket

Once candidates have received their e-mail, there are three choices:

  1. Do nothing:
    – Nothing will happen in Chameleon-i
  2. Opt-in:
    – Last Contacted date will be changed in the record,
    – The GDPR Status field will be set to Opted-in
  3. Opt-out:
    – The Last Contacted date in the candidate record will be updated
    – The GDPR Status field will change to Opted out
    – The Candidate will be added to the GDPR Delete Contacts basket


GDPR doesn’t have to be difficult – our software can make it easy for all our recruitment agencies to get GDPR-ready, and remain compliant.

If you’d like to know more or have any questions about GDPR, please contact us – we’re here to help.