Definition
Software used by employers to manage the recruitment process electronically, from receiving applications to making hiring decisions. An ATS automates job posting, application screening, interview scheduling, and candidate communication.
UK Context
UK employers using an ATS must ensure compliance with GDPR and the UK Data Protection Act 2018. Candidate data must be processed lawfully, and applicants have the right to access their data, request deletion, and be informed about automated decision-making. Retention periods for unsuccessful applicant data should typically not exceed six to twelve months.
Best Practices
- Configure data retention periods and automated deletion to comply with GDPR requirements
- Ensure the ATS does not introduce bias through keyword filtering that disadvantages protected groups
- Provide clear privacy notices to applicants explaining how their data will be processed and stored
Frequently Asked Questions
How long can candidate data be kept in an ATS?
Under GDPR, candidate data should only be retained for as long as necessary. ICO guidance suggests six months is a reasonable default for unsuccessful candidates, though some employers retain data for up to twelve months with the candidate's consent for future opportunities.
Can an ATS automatically reject candidates?
While an ATS can screen applications, GDPR Article 22 gives individuals the right not to be subject to solely automated decision-making with significant effects. Employers should ensure meaningful human involvement in rejection decisions.