
GDPR and Your Existing Database

09.07.21 | Data Privacy/GDPR

Before GDPR even came into force, companies such as Wetherspoons deleted their entire database. One year on from the GDPR, we’re still hearing from people who think they need to delete their existing database to be compliant. This isn’t the case – even if you have not tracked their permissions – but if you haven’t started to fix it, then START NOW. Do not wait a day longer.

Managing the rights of candidates under GDPR is a huge administrative burden and too big to be done manually. The risk of manual error is so significant you need to look at how this can be automated. With its privacy-by-design nature, Candidate.ID contains the complete feature set to automate compliance with the requirements of the GDPR.

Over the past year at Candidate.ID, we have worked with our customers through the many challenges and changes from GDPR:

  • Cleaning up disorganised data and ensuring the talent data is valid, depending on how it was obtained.
  • Getting existing databases fully compliant by ensuring all talent has a legal basis of processing.
  • Automating the tracking and documentation of the legal basis of processing, including the evidence of when and how it was collected.
  • Automating the ability for candidates to opt-out, manage their preferences and make subject access requests at any time.
  • Implementing department-wide security standards and best practices for accessing and using talent data contained within the Candidate.ID solution.

Candidate.ID Washing Machine

Welcome to what we like to call the ‘Candidate.ID Washing Machine’. Here’s what the process looks like…


Pick a segment of your database that you want to start the process with. Export this from your existing system and send to Candidate.ID. Our technical team will clean this list, removing irrelevant data and email addresses that are no longer valid.


Do you have a marketing team or a plethora of content already? Great – we can repurpose this. If not, that’s ok – our expert team of marketers at Candidate.ID can help you create some awesome content.

To implement this solution, begin a five-week nurturing campaign that is sent by email. Every single email will have a clear opt-out message, giving people plenty of opportunity to unsubscribe or request deletion. This campaign can engage up to 65% of people within your database – this is far in excess of what you will be achieving at the moment.


The database will be enriched naturally as you will know which email addresses are active and which are no longer being used. And as you have put a process in place that allows people to update their data with you, that will also help to improve data quality.

Once the first five weeks are complete, though, the Candidate.ID team will also help to enrich the information of those people who have engaged with the campaign. This enrichment can draw on information from a variety of different public sources, so make sure that your policy states that you may cross-reference identifiable data against these. This updated data can then be added to your CRM or ATS.

After 30 days – once you have a fair idea of how many candidates no longer engage with your content – you should move inactive candidates to your activation pipeline. This pipeline should be targeted with content that aims to engage candidates quickly. This could mean:

  • More direct subject lines – include first names or a call-to-action in the subject line.
  • Last chance content – the recruitment equivalent of low-stock.
  • Giving a chance to easily talk to a recruiter or line manager one-on-one.

Candidate.ID then allows you to automatically unsubscribe or delete.


Now, repeat this for all segments in your database. You must continue to contact those who became active during the implementation stage to maintain consent. You could drop this to one or two emails per month instead of weekly.

The Outcome

  • Your existing database is now GDPR compliant.
  • A transparent process is in place should there be any challenges from the ICO about how you manage existing candidate data.
  • Your data quality will dramatically improve through a number of different sources.
  • You can clean up your database by deleting those with invalid contact information or who have not engaged with your campaign.
  • It will give you a picture of who your live prospects actually are through Score.ID.

At Candidate.ID, we view GDPR as a tremendous opportunity for recruitment to develop deeper, more trusted relationships with the talent you want to attract and hire into your business. To navigate the GDPR and continue to blaze a trail in talent acquisition, you need to balance talent-centricity, governance, and compliance. Candidate.ID allows talent acquisition teams to work with GDPR in confidence, and to use the GDPR as a catalyst for hiring advantage.

If you are interested to learn more about automating GDPR compliance, download a free copy of our GDPR: 1 Year On ebook.
