If you’re hiring talent from the EU, then you’re probably aware that GDPR is a big deal. This sweeping privacy policy puts a lot of restrictions on how you can attain and retain candidate data. Staying within the rules of GDPR while sourcing passive candidates can be a complicated task, especially since proactive outreach often relies on Personal Data such as name, email, social profiles, etc.

We keep Hiretual up to standard when it comes to GDPR, and we’ve built out our system in such a way as to make sure that any candidates passed on to your organization meet those requirements.

We Are Committed To Keeping You GDPR Compliant, And Here’s How We Do It.

When you launch a search using Hiretual’s AI, we gather information from dozens of platforms and the open web to identify candidates that meet your needs. Hiretual gathers that information based on legitimate interest, which is to create a win-win situation that mutually benefits both the employers and potential job candidates.

During this process, if we identify that a candidate is currently in the EU, we hide that person’s Personal Data. This creates a sort of “blind hiring” mode where only skills and work history are visible.
If you’re interested in contacting the candidate, we present an option for you to have us request consent to share their information with you for hiring purposes.

Hiretual Blind Hiring Candidate View


When the candidate agrees, we reveal the rest of their information, making it possible for you to contact the candidate directly. If the candidate denies access, fails to respond to the email, or requests removal of his or her personal information, we will delete that information and he or she will disappear from your pipeline. This way the candidate will contact Hiretual directly instead of involving your organization.


We admit that this buffer period can make our workflow less fluid than with candidates in other regions. You might ask, “Why go through the extra trouble when we’re already working with legitimate interest?”

This extra layer is to make sure that a passive candidate is willing to share his or her personal information with you. Because GDPR is a new law with little legal precedent, we want absolute certainty that a candidate is happy to talk to you before passing on the responsibility to you. We take extra steps that other sourcing solutions don’t in order to keep your organization at the maximum level of compliance.

The silver lining of this system is that it helps recruiters focus on people who are ready to move. Candidates who want to hear from your organization about job opportunities will self-select to be contacted. Otherwise, a recruiter would devote valuable time to crafting a message before knowing where a candidate stands.

Staying Compliant With Data You Own

When Hiretual is acting as a Data Processor (when you upload your data to our system), we ensure availability of documented processing requirements and data flows as outlined under Article 30. Rest assured that compliance is properly managed throughout the lifetime of your data. Specifically, we:

  • Maintain clear documentation of data protection policies, procedures, and security measures.
  • Enter into a Standard Data Privacy Agreement (Data Processing Addendum) as a part of our contract with Hiretual Pro users.
  • Keep records of all candidate data collected, identify and map data flow, and document what processing is involved.

We hope this clears up any concerns you have about using Hiretual to source passive candidates while staying GDPR compliant. If you have additional questions, please contact our team.