Finding candidates

In detail

• Do we need to provide privacy information when we advertise vacancies?
• Can we use social media to advertise our vacancies?
• Can we manually search for candidates online?

Do we need to provide privacy information when we advertise vacancies?

If you invite people to apply for a vacancy, you must provide them with privacy information, including when you are advertising vacancies on behalf of another organisation. You can advertise vacancies using any method (eg social media, websites (including job boards), voicemail, radio or newspapers).

Can we use social media to advertise our vacancies?

You can consider advertising your vacancies in different ways.

You may decide to use methods that don’t involve using candidates’ information and direct marketing. For example, you might post details about the vacancy onto your social media page so that everyone who goes there can see it, or broadcast details of your vacancy to everyone who follows your account. Broadcasting to all of your followers in this way is not direct marketing as you are not targeting particular candidates on the basis of their personal information.

You might also want to use direct messaging on social media to tell specific people about your advert. For example, by sending someone a private message. Direct messaging on social media constitutes direct marketing and electronic mail under the Privacy and Electronic Communications Regulations (PECR). This means that you must comply with the rules around direct marketing and PECR.

Alternatively, you may consider using the tools provided by social media platforms to target your vacancy adverts to particular groups of people who use the platform. However, you must make sure that your use of these tools complies with data protection law as the activities in social media targeting are complex. For example, you must ensure that what you want to do is fair, lawful and transparent.

Can we manually search for candidates online?

Yes, you can search for candidates manually online using appropriate public social media platforms. However, you need to consider the following:

• If you use publicly available information for your own purposes, you are a controller and are fully responsible for how you use it. You must still comply with data protection law. This includes providing candidates with your privacy information as soon as possible, and by no later than one month of obtaining it.
• It may be reasonable to manually search for information using recruitment-based social media platforms, as candidates are reasonably likely to expect their information to be used in this way.
• You should not search for candidates on their personal social media profiles, even when these are public-facing. People are unlikely to expect employers to obtain information about them in this way. You risk obtaining information about them which is detrimental or reveals special category information. You should avoid this as it is intrusive, high risk, and not likely to reveal relevant information.

Once you have found suitable candidates, you must comply with the rules on direct marketing if you wish to contact them directly.