GDPR Compliance for Recruitment Agencies in Mumbai
GDPR Compliance for Recruitment Agencies in Mumbai — practical, step-by-step guide for agency owners and managers in Mumbai.
The Mumbai market has its own compliance requirements, client expectations, and competitive dynamics. This guide cuts through the generic content and focuses on what actually matters if you are building or running an agency in Mumbai right now.
What personal data you hold
Recruitment agencies in Mumbai typically hold candidate CVs, passport/ID scans, National Insurance numbers, bank details, medical information (for pre-employment checks), and communication history. Each category has different sensitivity levels and different lawful bases under UK GDPR.
Lawful basis for processing
For candidates you are actively placing: legitimate interest usually applies. For speculative CVs: you need either consent or legitimate interest with a documented balancing test. For placed workers: contract performance is the basis. For marketing to past candidates: consent is safest. Document your basis for each processing activity in a Record of Processing.
Retention periods
Common Mumbai agency retention schedules: active candidates — 2 years from last contact; placed workers — 6 years (for tax and employment law purposes); unsuccessful applicants — 6 months; CCTV footage — 30 days; email correspondence — 2 years. Review and delete overdue records at least quarterly.
Subject access requests
Candidates and workers in Mumbai can request all data you hold on them. You have 30 calendar days to respond, with a possible 2-month extension for complex requests. The response must be free of charge in most cases. Oblivion generates SAR exports automatically from candidate profiles.
Breach response
A reportable breach under UK GDPR must be notified to the ICO within 72 hours of discovery if it is likely to result in risk to individuals. Examples: sending a candidate's CV to the wrong employer, losing an unencrypted USB with worker details, or a system compromise exposing personal data. Document all breaches even if not reportable.