Our consultation on this draft guidance is open until 5 March 2024.
In detail
- How might we obtain information about candidates for recruitment?
- How might we deal with unsolicited applications or CVs?
- What information can we ask for in the application process?
- When can we ask for special category information?
- Can we ask candidates for details about their previous convictions at the initial application stage?
How might we obtain information about candidates for recruitment?
You might obtain information about candidates in a number of ways, for example by:
- designing an application form and asking candidates to provide specific information about themselves so you can consider them for a particular role. (You should tailor your application form to the vacancy you are recruiting for to ensure that you only collect the information you need);
- asking candidates to provide their CV; or
- manually searching for candidates using publicly available sources (eg job boards or recruitment platforms).
You might also obtain information about candidates, even if you haven’t asked for it. For example:
- a person sends you their CV on a speculative basis for you to consider them for future roles; or
- you receive a recommendation about a possible candidate from another person or organisation.
You might instead outsource your recruitment functions to an external recruiter. They will then send you information about potential candidates who meet your requirements.
How might we deal with unsolicited applications or CVs?
If candidates send you their personal information, even if you have not asked for it, you must still comply with data protection law. This includes being transparent about how you deal with personal information. You should:
- make it clear to candidates whether you consider unsolicited applications – this may help minimise the amount of information you collect;
- cover unsolicited applications in your retention and disposal policy; and
- explain how you deal with unsolicited applications in your privacy notice.
It is important that you are transparent with candidates about how you use their personal information, even if you don’t plan to use it immediately. For example, a recruiter or employer may receive and retain a collection of speculative applications for future roles if suitable vacancies arise. Particularly if you are a recruiter, this process may form part of your core business model.
If you receive personal information but do not plan to use it, you must securely delete it as soon as possible. If you do plan to use the information, you should only use it for recruitment purposes (eg when potential vacancies arise within your organisation or an organisation you are recruiting for). You should explain this in your privacy information.
Further reading
What information can we ask for in the application process?
You can ask candidates to provide the information you need in order to consider them for the next stage of the recruitment process. What you may need can vary depending on the role and you must be able to show why you are collecting the information.
Example
A haulage company runs a recruitment campaign for lorry drivers. The application form asks candidates to confirm they can drive heavy goods vehicles and provide their driving licence number.
A few months later, the haulage company decides to recruit office-based staff for administrative roles. These staff are not required to drive, so the haulage company doesn’t ask candidates if they can drive or for their driving licence number.
You must only collect information that is proportionate and relevant to the role. For example, the amount and type of information you may need to recruit a company director with resource management responsibilities is likely to differ from the amount and type of information you need for operational or administrative roles.
In general, you should not ask candidates to provide:
- information you don’t need, even if you think it might be useful at a later stage or for other roles you are recruiting for;
- information you’ll only need if you employ them (such as bank or emergency contact details);
- information that would be more appropriate to ask for at a later stage for verification purposes (eg details about spent or unspent convictions);
- special category information – unless you need this in order to make the recruitment decision (see the following section); and
- information about trade union membership.
If you are a recruiter seeking information from a person who is looking for employment on a speculative basis, you can ask for information that will enable you to identify and match people to potential vacancies that are relevant to their stated interests. However, if a person has submitted their CV to you with a clear intention to find a job role in a particular industry, it would be excessive to request information from them that was not required or relevant to roles in their preferred industry.
When can we ask for special category information?
You can ask for special category information if you need it for your particular recruitment purposes and you have a condition for processing it. For example, a politician may require the successful candidate to share the political beliefs of their party and ask for evidence by requesting examples of the candidate’s campaigning work.
However, you should only ask for special category information at the stage in the recruitment process when you need it. This may often be at the verification or vetting stage rather than the application stage. However, you should explain to candidates at the early application stages when you will collect this information.
Example
A construction company wants to recruit a roof tiler. As the successful candidate needs to be able to climb ladders and carry out physically demanding tasks, the company wants to ensure that it only shortlists candidates who are physically mobile and can perform these tasks.
The company explains the physical requirements of the job and asks candidates to confirm that they can perform the required tasks. It does not ask candidates to provide evidence (eg a medical letter), as this would be excessive. However, it may collect this information at a later stage or carry out a medical assessment on the successful candidate.
However, even if the company does not ask for evidence, the candidate’s response to the question about their health is special category data, even if this simply involves ticking a box. Therefore, the construction company must have a special category condition for processing this information, in addition to a lawful basis.
In general, you should not ask candidates questions about their health unless it is relevant to the role. For example, if a medical condition may compromise the safety of the candidate or others in the workplace.
Example
The construction company needs to ensure that its tilers and heavy machinery operators do not suffer from any health condition that may place them or other workers at risk. It includes a list of specific medical conditions on the application form, including seizures.
It explains that candidates may not be suitable for the role if they suffer from any of these conditions unless they can provide evidence that the condition is under control (eg a doctor’s letter).
However, the company explains in the application form that it does not need candidates to provide further details or evidence at this stage in the process. The condition only permits employers to use health information to assess the working capacity of employees, so the company explains that it will only collect this information from the person who is offered the job. There are other rules they will need to follow when they collect this information.
Further reading
Can we ask candidates for details of any previous convictions at the initial application stage?
In general, you should not ask candidates to make a criminal records declaration on the application form. Information about criminal convictions is particularly sensitive and subject to extra protection under data protection law. You are not required to ask about criminal convictions, and you should only do so if you can show why this is necessary.
In most cases, criminal conviction information will not be relevant to the decision to shortlist, interview, or offer a candidate a job. However, if you consider that it is relevant to a particular role, you must document your reasons why. For example, if you need to collect the information at an earlier stage to comply with specific safeguarding requirements.
Example
A youth club is recruiting a team manager for a children’s sports group. It needs each candidate to make a criminal records declaration at the application stage before they shortlist them. This is to comply with safeguarding provisions. The application form states clearly that:
‘This role involves regulated activity with children. You must not apply if you are on the children’s barred list and your application will not be considered.’
It’s important that the application form makes it clear that it is a criminal offence for people who are on the children’s barred list to apply for this role.
You should be careful about how you ask for information about criminal convictions and consider the language you use on your form. You should not ask general questions about whether someone has ever been convicted of a crime. This is because it may cause candidates to provide information that you are not legally entitled to or is unnecessary for your recruitment purposes.
You must comply with the data minimisation principle when you obtain personal information. It’s unlikely to be necessary and proportionate for you to ask for this information from all candidates. In most cases, criminal records checks can take place as part of your pre-employment vetting. For further details, see the chapter on Pre-employment vetting of candidates.
You could explain in the application pack that you will require candidates to submit a criminal records declaration form if you make them a conditional offer of employment. You could also include a copy of the criminal records declaration form within the application pack and explain why this information is necessary and relevant to the role. You should make sure that you can separate and detach the criminal records declaration form from the rest of the application form.