GDPR Compliance for Recruitment Agencies in Guildford

A practical, step-by-step guide for agency owners and managers in Guildford.

This guide was written for founders and managers running agencies in Guildford. Whether you are just starting out or scaling an existing operation, the rules and best practices here are specific to the Guildford market — not generic advice you will find recycled across dozens of websites.

What personal data you hold

Recruitment agencies in Guildford typically hold candidate CVs, passport/ID scans, National Insurance numbers, bank details, medical information (for pre-employment checks), and communication history. Each category has different sensitivity levels and different lawful bases under UK GDPR.

Lawful basis for processing

For candidates you are actively placing: legitimate interest usually applies. For speculative CVs: you need either consent or legitimate interest with a documented balancing test. For placed workers: contract performance is the basis. For marketing to past candidates: consent is safest. Document your basis for each processing activity in a Record of Processing.

Retention periods

Common Guildford agency retention schedules: active candidates — 2 years from last contact; placed workers — 6 years (for tax and employment law purposes); unsuccessful applicants — 6 months; CCTV footage — 30 days; email correspondence — 2 years. Review and delete overdue records at least quarterly.

Subject access requests

Candidates and workers in Guildford can request all data you hold on them. You have 30 calendar days to respond, with a possible 2-month extension for complex requests. The response must be free of charge in most cases. Oblivion generates SAR exports automatically from candidate profiles.

Breach response

A reportable breach under UK GDPR must be notified to the ICO within 72 hours of discovery if it is likely to result in risk to individuals. Examples: sending a candidate's CV to the wrong employer, losing an unencrypted USB with worker details, or a system compromise exposing personal data. Document all breaches even if not reportable.
