DATA PROTECTION - GDPR - 18.05.2018

How long can we hold CVs on file?

You’ve interviewed a candidate who was unsuccessful but they may well be suitable for a future job role. Are you permitted to hold their CV on file or does the General Data Protection Regulation (GDPR) prohibit this?

Suitable...but not this time

Previously, when an interviewee has been unsuccessful but potentially a good fit for their business, our subscriber has retained their CV on file for a few months, just in case a suitable job vacancy arises. They want to know if it will still be possible to do this under the General Data Protection Regulation (GDPR).

Strict duties

An unsuccessful candidate’s CV can still be kept on file provided you fully comply with your duties under the GDPR. The starting point here is that you must provide all job applicants with a clear and comprehensive privacy notice that sets out:

  • how their personal data will be used
  • when their personal data will be used
  • how long personal data will be kept.

Spell it out

Therefore, if you wish to hold unsuccessful applicants’ CVs on file in case a future vacancy arises, you must inform candidates of this in the privacy notice. In addition, you must have a lawful basis for this data processing activity. Some employers will ask an unsuccessful candidate for their express consent to hold their CV on file. Assuming the candidate agrees, and most probably will, there won’t be any adverse consequences. Alternatively, it’s possible to rely on “legitimate interests” to retain their personal information. This is another lawful basis for processing personal data.

Retention periods

Under the GDPR you are free to set data retention periods in respect of recruitment records according to business needs. That said, one of the data protection principles is that personal data should not be kept for any longer than is necessary for the particular purpose for which it is being retained. This means you cannot keep unsuccessful candidates’ CVs indefinitely.

Six months to one year

Most businesses will be able to legitimately retain CVs for six months but you may wish to keep them for up to a year. Provided you adhere to your obligations under the GDPR, this shouldn’t present any problems.

Tip 1. Either way, set out your specific retention period in your privacy notice for job applicants. Also ensure that retained CVs are routinely audited and confidentially destroyed once they reach the deadline.

Tip 2. Our privacy notice for job applicants can be used as your starting point (see The next step). It sets out how employers generally process personal data during recruitment and the job applicant’s GDPR rights. It must be adapted so it’s relevant to your own data processing activities.

Tip 3. This privacy notice should be issued at the point you collect a job applicant’s personal information. It must be provided in writing, but an electronic version is acceptable.

For a free privacy notice for job applicants, visit http://tipsandadvice-personnel.co.uk/download (PS 20.11.05).

You can retain CVs but you must provide job applicants with a privacy notice at the point you collect their personal data which sets out how you will use it, how long it will be kept for and their GDPR rights. You’re free to set a CV retention period - most employers will be able to justify six months.

© Indicator - FL Memo Ltd
