This answer is written by AI. The information provided in this response is intended for general informational purposes only and should not be considered as legal advice. Do not rely solely on the information provided in this response for any legal decisions. Consult with a qualified legal professional before making any decisions.

Is Storing Candidate Data Long-Term on ATS Platforms Like Workable Compliant with UK Data Protection Laws?

Question from Lou, Is Storing Candidate Data Long-Term on ATS Platforms Like Workable Compliant with UK Data Protection Laws?

Answer from AI:

When it comes to storing personal data, especially in the context of recruitment, understanding and complying with data protection laws is crucial. In the UK, the key legislation governing the collection, use, and storage of personal data is the General Data Protection Regulation (GDPR) as incorporated into UK law (UK GDPR), alongside the Data Protection Act 2018. These laws set out strict principles and requirements for data processing activities. If you’re considering using an Applicant Tracking System (ATS) like Workable to store prospective candidates’ data long-term, there are several important considerations to keep in mind to ensure compliance.

Key Considerations for Compliance

Lawfulness, Fairness, and Transparency: Under the UK GDPR, personal data must be processed lawfully, fairly, and in a transparent manner. This means you need to have a valid legal basis for processing candidates’ data (such as consent or legitimate interest) and must inform candidates about how their data will be used.

Data Minimization and Storage Limitation: You should only collect data that is necessary for the recruitment process and not store it for longer than necessary. While you mention the need to store data long-term due to the nature of your recruitment process, it’s important to regularly review the data you hold and delete anything that is no longer needed.

Security: The UK GDPR requires that personal data is processed in a manner that ensures its security. This includes protecting against unauthorized or unlawful processing and against accidental loss, destruction, or damage. Using a reputable ATS platform like Workable, which has robust security measures in place, can help meet this requirement.

Individual Rights: Candidates have various rights under the UK GDPR, including the right to access their data, the right to rectification, the right to erasure, and the right to object to processing. You must ensure that your use of Workable allows you to comply with these rights.

Steps to Ensure Compliance

  1. Conduct a Data Protection Impact Assessment (DPIA): Before implementing Workable or any ATS for long-term data storage, conduct a DPIA to identify and mitigate any data protection risks.
  2. Update Your Privacy Notice: Ensure your privacy notice clearly explains that you are using an ATS for storing candidate data, the purposes for processing this data, and candidates’ rights regarding their data.
  3. Implement Data Retention Policies: Establish clear data retention policies that define how long candidate data will be stored and the criteria for its deletion. Regularly review and purge data that is no longer necessary for the recruitment process.
  4. Secure Candidates’ Consent: Where appropriate, obtain explicit consent from candidates for storing their data long-term. Make sure they understand what they are consenting to and that their consent is freely given.
  5. Ensure Data Security: Work with Workable or any ATS provider to ensure that they have strong security measures in place to protect candidate data.


Storing candidate data long-term on an ATS platform like Workable can be compliant with UK data protection laws, provided that you take the necessary steps to ensure lawfulness, fairness, transparency, and security in your data processing activities. It’s important to regularly review your data processing practices and policies to ensure ongoing compliance.

For more detailed guidance, you may wish to consult the ICO’s Guide to Data Protection, which provides comprehensive information on compliance with the UK GDPR and the Data Protection Act 2018. Remember, this information is not a substitute for legal advice, and consulting with a legal professional who specializes in data protection law can provide you with advice tailored to your specific situation.

Click to rate this post!
[Total: 0 Average: 0]

Leave a Comment