How GDPR changes the way HR utilises social media

Social media is an indispensable part of the recruitment process. It offers advantages to both employers and employees but it pays to be aware of its inherent pitfalls. Candidates will almost certainly be users of one or more platforms. They may have put a lot of effort into creating a professional profile on LinkedIn. However, they may not have taken so much care to curate what they share on other platforms, which prospective employers have become accustomed to inspecting in order to gain a more rounded view of an applicant.

A Social Media Free-For-All

A study carried out by CareerBuilder in 2018 found that 43% of UK employers use social media to monitor their current employees and 70% use it to screen new applicants. It’s reasonably certain that these figures will have risen since then. However, 2018 also happened to be the year when the EU’s General Data Protection Regulation (GDPR) was introduced which affected not just Europeans but had implications for businesses worldwide. The need for GDPR compliant recruitment software has never been greater.
Recruitment today relies heavily on data. Recruiters harvest enormous amounts of information from every source available. Anything individual posts online and makes even partially public used to be fair game for anyone to view. That is no longer the case.

How GDPR compliant recruitment software can help

One of the primary purposes of the GDPR is to ensure that consent is obtained from the subject if another party wishes to view or use their data. This is an obvious precaution in areas such as medical records and financial information. What may surprise many is that the GDPR obligation to obtain consent extends to social media accounts, making the use of GDPR compliant recruitment software one of the surest ways of guaranteeing the discharge of these responsibilities.

There are four key provisions that apply to the use of social media in the context of recruitment

An employer is required to notify candidates that they intend to view their social media accounts, even if they are in the most public setting.
An employer must have a legitimate reason for accessing the information.
An employer may only view social media accounts if the information they are accessing is ‘relevant to the performance of the job being applied for’.
An employer must comply with all the GDPR’s principles regarding data protection.

Most of the conditions listed here are self-explanatory but it is worth considering what might constitute a ‘legitimate reason’. This is drawn fairly narrowly and is largely concerned with a company’s right to protect its interests, reputation and confidential information. Dragging up a photo of a drunken escapade from ten years ago is very unlikely to satisfy this requirement.
Chameleon-i was at the forefront of preparations for the implementation of the GDPR and is now able to offer fully GDPR compliant recruitment software solutions to our clients. It is the safest way to avoid even accidental contravention of the GDPR regime.