GDPR Compliance for Recruitment Agencies in Manchester

If you are researching how to get started in Manchester, you are in the right place. This is a practical guide built around real agency experience, local regulations, and the tools that actually work for Manchester businesses in 2026.

What personal data you hold

Recruitment agencies in Manchester typically hold candidate CVs, passport/ID scans, National Insurance numbers, bank details, medical information (for pre-employment checks), and communication history. Each category has different sensitivity levels and different lawful bases under UK GDPR.

Lawful basis for processing

For candidates you are actively placing: legitimate interest usually applies. For speculative CVs: you need either consent or legitimate interest with a documented balancing test. For placed workers: contract performance is the basis. For marketing to past candidates: consent is safest. Document your basis for each processing activity in a Record of Processing.

Retention periods

Common Manchester agency retention schedules: active candidates — 2 years from last contact; placed workers — 6 years (for tax and employment law purposes); unsuccessful applicants — 6 months; CCTV footage — 30 days; email correspondence — 2 years. Review and delete overdue records at least quarterly.

Subject access requests

Candidates and workers in Manchester can request all data you hold on them. You have 30 calendar days to respond, with a possible 2-month extension for complex requests. The response must be free of charge in most cases. Oblivion generates SAR exports automatically from candidate profiles.

Breach response

A reportable breach under UK GDPR must be notified to the ICO within 72 hours of discovery if it is likely to result in risk to individuals. Examples: sending a candidate's CV to the wrong employer, losing an unencrypted USB with worker details, or a system compromise exposing personal data. Document all breaches even if not reportable.

Manage your Manchester agency with Oblivion

The platform built for agencies just like yours — start free, no card needed.

Start Free →