Get the best directly to your inbox

Share via:
Latest News

How to be GDPR compliant

Cristyn Nartey

The General Data Protection Regulation (GDPR) is a security law passed by the European Union (EU) (Wolford). It requires organizations, both EU and non-EU alike, to comply with its prescribed data security standards; failure to adhere to these regulations could result in heavy fines amounting to tens of millions of euros (Wolford). 

A brief history of GDPR

The current EU regulation on data protection dates back to the 1950 European Convention of Human Rights, which declares that:

“Everyone has the right to freedom of thought, conscience, and religion; this right includes freedom to change his religion or belief and freedom, either alone or in community with others and in public or private, to manifest his religion or belief, in worship, teaching, practice, and observance.” 

With this in mind, Tribe is dedicated to ensuring that it is GDPR compliant. As recruiters, we receive and use personal data on a daily basis. This is why we handle all data sensitively and discreetly, from submitting candidate CVs to the hiring process. 

With good talent management comes good data management. Our data management includes information including, but not limited to contact details, salary expectations, health information, etc. From a legal standpoint, any data we collect is specifically job-related and is from sourced candidates who we intend to contact within 30 days. At Tribe, we ensure that we always receive candidates’ consent to process their data e.g. disability information, cultural, genetic, or biometric information. 

Candidate, know your rights!

Candidates have the right to be forgotten, meaning that at Tribe, whenever a candidate asks us to delete and stop processing their personal data, we do just that with no hesitation.

Candidates have the right to access their data and to amend it. This includes requests to ascertain what data we may possess at that point in time. In compliance with GDPR requirements, Tribe grants both requests within 30 days and provides the candidate with a free electronic copy of their personal data. 

Recruiters, know your role!

Transparency is paramount – you should have clear privacy policies, and these should be readily available to all candidates upon request

Compliance also extends to your client, as any failure to comply would implicate them. When you join a client, it is advisable that you inquire about their GDPR compliance to make sure that they are up to speed (not all companies are, unfortunately). 

It is worth noting that failure to comply has cost some companies hundreds of millions of euros, as shown in the infographic below:


Here at Tribe, we have an open-door policy and welcome all candidate inquiries regarding personal data. We are committed to collecting, processing, and storing personal data properly and safely. As responsible recruiters, protecting the data of our candidates is of the utmost importance to us. 


Cristyn Nartey

Grow your knowledge in the industry

Industry insights, latest tips, tools, and tactics delivered straight to your inbox weekly.

Get in touch

Get in touch


Prague, Czechia 13000, CZ
Kubelikova 1224


Get in touch

I’m interested in:

Why Choose Tribe?

Let’s make hiring process a breeze!

We work to help you to overcome your hiring challenges – whether you’re an established name that is rapidly expanding or a brand-new start up looking to build your foundations – our embedded recruiters will become a part of your team and will help you ease your mind.