How to prepare for GDPR in aviation recruitment

Discover what's going to happen with GDPR in aviation recruitment and how you can prepare your hiring strategy to accommodate new legislation.


Preparing for the introduction of GDPR in aviation recruitment should be high on your priority list right now.

With new rules set to come into force from 25 May (and, heavy penalties to be levied for non-compliance), you urgently need to review your stored data, data processing and protection processes.

Let’s take a closer look:

What is GDPR and how will it impact aviation recruitment?

The introduction of the General Data Protection Regulation (GDPR) is an EU initiative designed to reinforce data protection for all EU citizens.

Effectively, this brings the law into line with how consumers (or ‘candidates’ in recruitment terms) expect their personal data to be used today.

In short, GDPR will give candidates more say over their data, requiring it to be processed:

  • Lawfully
  • Transparently
  • For a specific purpose (then, deleted after use)

These rules apply to all data ‘controllers’ and ‘processors’ when dealing with any EU resident, even if the company in question is based elsewhere.

The legislation covers all data defined as ‘personal’. The EU has expanded the scope of this definition to include all economic, cultural, mental health and IP information, in addition to other personal details.

Candidates can also request an overview of the personal data you store on them and request the deletion of their data.

In practice, this will severely limit how you use both the data you already have, and that which you will acquire in future.

To enforce this new legislation, the EU has outlined fines for data breaches or non-compliance of up to €20 million, or 4% of your global annual turnover if this figure is greater.

How you can prepare for GDPR in aviation recruitment

Here’s a quick introduction to how you should get ready for GDPR in aviation recruitment:

Audit your existing data

Start by deleting any data that doesn’t meet the relevant protection and authorisation thresholds.

Then, map out all the places you store candidate information, including:

  • Shared folders
  • Excel sheets
  • Databases
  • Timesheets
  • Pay/billing information
  • External and in-house systems

Next, create a list of all the ways you gather data, such as via email, website registration forms, call notes and event lists.

Review your data gathering systems

Review all these data gathering systems to check they adhere to the new criteria. And, ensure you provide candidates with plenty of information about how you intend to use their details.

You’ll now need explicit consent to gather any personal data and should only use it for the express purpose for which it was provided. You can take steps towards covering this by publishing your privacy policy in a visible location.

Document your processes in writing in case you need to provide them to a third party. And, convert your candidate data into an accessible format (such as CSV) to issue to candidates, or transfer to another organisation on request.

Strengthen your data protection processes

Look closely at your data protection processes (get professional assistance if required) and ensure they’re as watertight as possible.

Establish a process by which you’ll notify the Information Commissioner’s Office (ICO) within the allotted 72-hour window in the event of any breaches.

Take all this into account, and you’ll be well on your way towards preparing for GDPR in aviation recruitment.

Stay the right side of GDPR legislation and keep your hiring processes running like clockwork by calling on AeroProfessional.

Quick Enquiry