+44 (0) 121 582 0192 [email protected]

Managing Applicant Data and Preventing Data Sprawl


The recruitment industry has witnessed a digital revolution, with applicant tracking systems (ATS) becoming essential tools for managing candidate data. However, this digital transformation brings forth significant challenges in maintaining data privacy. Recruitment agencies and HR departments must address concerns such as data retention, the lawful basis for processing applicant data, and containing personal data within the ATS to prevent data sprawl. In this article, we will delve into these challenges and explore strategies for effectively managing applicant data while safeguarding privacy.

  1. Data Retention and Storage Challenges

Effective management of applicant data involves implementing proper data retention practices to ensure compliance and minimize privacy risks. Key challenges include:

a. Defining Retention Periods: Establishing clear guidelines on data retention periods is crucial. It is essential to determine the necessary duration for retaining applicant data, balancing legal requirements and operational needs. Regularly purging outdated information mitigates privacy risks.

b. Secure Data Storage: Recruitment agencies and HR departments must prioritize secure data storage practices. Storing applicant data in encrypted databases or secure cloud platforms, implementing strong access controls, and using industry-standard security measures help protect sensitive information from unauthorized access or breaches.

c. Disposal of Data: Proper disposal of applicant data after the retention period expires is equally important. Securely deleting or anonymizing data ensures compliance with privacy regulations and minimizes the risk of data misuse.

  1. Lawful Basis for Processing Applicant Data

Processing applicant data requires a lawful basis in accordance with privacy regulations. Recruitment agencies and HR departments encounter challenges in establishing the appropriate legal basis for processing:

a. Consent: Obtaining explicit consent from applicants is a common approach for processing their personal data. However, ensuring that consent is freely given, specific, and informed can be challenging. Providing clear information about data processing purposes and allowing applicants to exercise their rights regarding their data is crucial.

b. Legitimate Interests: Organizations may rely on legitimate interests as a lawful basis for processing applicant data. However, it is necessary to conduct a thorough assessment to ensure that the interests of the organization do not unduly infringe upon the rights and freedoms of the applicants.

c. Compliance with Privacy Regulations: Recruitment agencies and HR departments must keep abreast of relevant privacy regulations, such as the General Data Protection Regulation (GDPR). Adhering to these regulations helps ensure that the lawful basis for processing applicant data is met, protecting both the applicants and the organization.

  1. Containing Personal Data within the ATS

Preventing data sprawl and containing personal data within the ATS is crucial to maintain data privacy and security:

a. Minimizing Data Export: Encouraging recruiters and HR personnel to conduct all applicant-related activities within the ATS helps minimize the need for exporting data to external platforms or applications. By centralizing data storage within the ATS, the risk of data sprawl and unauthorized access is significantly reduced.

b. Implementing Access Controls: Robust access controls within the ATS help restrict data access to authorized personnel only. Assigning different levels of access rights based on job roles and responsibilities ensures that personal data is accessed and processed only when necessary.

c. Training and Awareness: Regular training programs and awareness campaigns on data privacy and security are essential for employees. Educating staff members about the risks of data sprawl, the importance of containing data within the ATS, and the responsible handling of personal data fosters a privacy-conscious culture within the organization.


The recruitment industry faces significant challenges in maintaining data privacy while effectively managing applicant data. Addressing concerns related to data retention, the lawful basis for processing, and containing personal data within the ATS is paramount. By establishing clear retention policies, implementing robust security measures, and adhering to privacy regulations, recruitment agencies and HR departments can mitigate privacy risks and build trust with applicants. Furthermore, promoting a privacy-conscious mindset, emphasizing the importance of data containment within the ATS, and providing regular training on data privacy and security help prevent data sprawl and ensure the responsible handling of applicant data. Through these measures, the recruitment industry can navigate data privacy challenges effectively and protect the privacy rights of applicants.

Formiti data International are experts in global ATS and provide Audit, and Implementation services