At Big Data Law in London we advise a range of commercial clients on GDPR and the steps they need to take now to ensure compliance. GDPR will be implemented in the UK after May 2018. From then on, more stringent data protection rules apply. And it’s clear to us that some sectors will face greater scrutiny in the new data protection landscape than others. One of these is the commercial recruitment sector. We advise companies operating in this area, helping them to become GDPR compliant, to minimise the potential for data breaches within their organisations and to avoid significant financial sanctions. If you are a recruiter and have GDPR concerns, call us now on 0203 670 5540.



When engaging a recruitment agency a candidate will provide details of his or her current salary and future earning expectations as well as other sensitive information. A breach of data of this nature could have serious financial and professional implications for an individual.

Most recruitment agencies will already comply with the Data Protection Act. And you should view GDPR as an extension of that. So GDPR does not mean inventing data protection policies from scratch. However there are crucial new obligations that will apply to the way you handle the data you hold of individuals looking for work through your agency.

In essence GDPR is all about giving individuals greater control over the information that companies hold about them. And the recruitment industry handles personal data that is of a more sensitive nature than that held by many other organisations.



Under the new regulations the way recruitment agencies handle personal data is set to change in a number of ways, including:

  1. The ‘right to be forgotten’ – A candidate can ask you to delete their data and you are obliged to do so.
  2. Data portability – An individual can ask you to transfer their data to a competitor agency. And you are required to do this, in a prescribed form, free of charge.
  3. Consent – Under GDPR candidates for jobs must now give explicit consent every time their data is processed. Now is the time to go through your database and ask each candidate for consent.
  4. Data sharing rules – If you wish to share personal data you should ensure that your processes and policies comply with GDPR. You must also ensure you have the explicit consent of the individual before you share any data.


These are just some of the changes you need to be aware of as GDPR implementation approaches. If you are in the recruitment business and have concerns about GDPR, contact us now. You can call us on 0203 670 5540 or contact us online.


Shuba provided excellent help in a very tough case, and acted above and beyond my expectations. With her friendliness, passion, and a wealth of knowledge, she made me feel comfortable in a trying time, and her professional services led to quick results in my case. I can highly recommend her services.

Cecilie Harris ***** See more reviews


Shubha Nath is director of Nath Solicitors, a boutique London law firm specialising in commercial contracts, company laws (formation/shareholder matters/M&A) and private and commercial dispute resolution.


When we state we partner with you to achieve results, it’s not just a slogan. Many of our solicitors have spent years working in the City, and we are passionate about business and helping our clients achieve their objectives.

See more on Nath