Recruitment Privacy Notice Template for England and Wales
What is a Recruitment Privacy Notice?
The Recruitment Privacy Notice is essential for any organization conducting hiring activities in England and Wales. This document is required to comply with UK GDPR and the Data Protection Act 2018, ensuring transparency in data processing during recruitment. It informs candidates about how their personal information will be used, stored, and protected throughout the application process. The notice must detail the types of data collected, legal bases for processing, retention periods, and candidates' rights regarding their personal information. Organizations must provide this notice to all job applicants before or at the time of collecting their personal data.
Frequently Asked Questions
Is a Recruitment Privacy Notice legally required for employers in England and Wales?
Yes, a Recruitment Privacy Notice is legally mandatory under UK GDPR and the Data Protection Act 2018 in England and Wales. All employers must provide this notice to job applicants before or at the time of collecting their personal data during the recruitment process. Failure to provide this notice can result in significant fines from the Information Commissioner's Office (ICO).
How much can I be fined for not having a proper Recruitment Privacy Notice in England and Wales?
Under UK GDPR and the Data Protection Act 2018, the Information Commissioner's Office can impose fines up to £17.5 million or 4% of annual global turnover, whichever is higher. Even for smaller breaches, fines can range from £8.7 million or 2% of turnover. The ICO also considers factors like the nature of the breach and your organization's size when determining penalties.
How does a Recruitment Privacy Notice differ from a general Privacy Policy in England and Wales?
A Recruitment Privacy Notice is specifically designed for job applicants and covers data processing during hiring, while a general Privacy Policy covers customers, website visitors, and employees. The recruitment notice must detail specific lawful bases for processing CV data, interview notes, and background checks. It also has different retention periods and rights explanations tailored to the recruitment context.
How long does it typically take to create a Recruitment Privacy Notice for England and Wales?
Creating a basic Recruitment Privacy Notice using a template typically takes 2-4 hours to customize for your specific recruitment processes. However, if you need legal review or have complex data processing activities, allow 1-2 weeks. Large organizations with multiple recruitment channels and international operations may need several weeks to ensure comprehensive coverage.
Can I use the same Recruitment Privacy Notice for different types of jobs in England and Wales?
Generally yes, but you may need different versions for roles requiring enhanced background checks (like financial services or roles with children). Your notice must accurately reflect the data processing for each recruitment type. If you use recruitment agencies, conduct psychometric testing, or require security clearances for certain roles, these processes need specific mention in your privacy notice.
Which common mistakes should I avoid when drafting a Recruitment Privacy Notice in England and Wales?
The most common mistakes include failing to specify retention periods for unsuccessful candidates, not explaining the lawful basis for processing, and using generic template language that doesn't match your actual recruitment practices. Many employers also forget to include third-party recipients like recruitment agencies or background check providers, and fail to update the notice when recruitment processes change.
How long must I keep job applicant data under England and Wales recruitment privacy laws?
Under UK GDPR, you should only retain unsuccessful candidate data for as long as necessary for your specified purposes. Most employers keep unsuccessful applicant data for 6-12 months for potential future opportunities or to defend against discrimination claims. Your Recruitment Privacy Notice must clearly state your specific retention periods and explain why you've chosen those timeframes.
About the Recruitment Privacy Notice
When you're hiring new employees in England and Wales, you must provide job applicants with clear information about how you'll handle their personal data. A Recruitment Privacy Notice is your legal obligation under UK GDPR and the Data Protection Act 2018, ensuring candidates understand exactly what happens to their information during the application process.
When do you need this document?
You need a Recruitment Privacy Notice whenever you collect personal information from job applicants. This includes online application forms, CV submissions, interview processes, background checks, and reference requests. Whether you're a small business hiring your first employee or a large corporation running multiple recruitment campaigns, this notice must be provided before or at the time you collect any personal data. It's also required when using recruitment agencies, as you remain responsible for ensuring candidates receive proper privacy information about how their data will be used.
Key legal considerations
Your notice must clearly identify your organization as the data controller and specify exactly what personal information you collect, from basic contact details to sensitive data like criminal record checks or health information for reasonable adjustments. You must explain your lawful basis for processing under UK GDPR, typically legitimate interests for general recruitment activities and legal compliance for right-to-work checks. The notice should detail how long you'll retain unsuccessful candidates' data and successful applicants' information as it transitions to employee records. You must also explain candidates' rights, including access, rectification, erasure, and the right to object to processing, along with clear contact information for exercising these rights.
Legal requirements in England and Wales
Under UK GDPR and the Data Protection Act 2018, you must provide this notice in a concise, transparent, and easily accessible format using clear, plain language. The notice must be provided free of charge and be easily distinguishable from other information. For online applications, this typically means including the notice on your careers page or application portal. You must also comply with the Equality Act 2010 by explaining how you'll handle sensitive personal data related to protected characteristics, and the Rehabilitation of Offenders Act 1974 regarding criminal record information. The Immigration, Asylum and Nationality Act 2006 requires specific data processing for right-to-work verification, which must be clearly explained in your notice. If you use automated decision-making or profiling in your recruitment process, you must provide additional information about this processing and candidates' rights to human intervention.
GOVERNING LAW
Applicable law
This Recruitment Privacy Notice is drafted to comply with England and Wales law. Key legislation includes:
Genie's Security Promise
Genie is the safest place to draft. Here's how we prioritise your privacy and security.
Your data is private:
We do not train on your data; Genie's AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
We are ISO27001 certified, so your data is secure
Organizational security:
You retain IP ownership of your documents and their information
You have full control over your data and who gets to see it