Registration
      Back to home
      1. Firefish Software Help Centre
      2. Candidate Management
      3. Registration

      GDPR Legal Basis for Processing Candidates

      Understand which legal basis applies when processing candidate data in Firefish


      Use the links below to jump to each section

      When processing candidate data in Firefish, you must select a legal basis under GDPR. This applies when adding a new candidate or reprocessing an existing one. Below are the available options and guidance on when to use each.

      Legal Basis Options

      Consent Request:

      Creates the candidate record and sends them login details so they can sign in and review and accept the candidate agreement, with the option to send this via email.

      Use this option when you plan to request the candidate's consent but have not yet received it.

      • Best for: New candidates who have not yet responded to a consent request.

      • Follow up: Ensure consent is recorded when received to update the basis.

      Consent Provided:

      Creates and confirms the candidate agreement, with the option to send an email. Use this option when you have already obtained the candidate’s consent. More information on this legal basis can be found on the ICO Website here

      Use this option when the candidate has explicitly agreed to the processing of their data.

      • Best for: Candidates who registered themselves or responded positively to a consent request.

      • Requires: Evidence of consent stored in Firefish

      Legitimate Interest:

      Creates and agrees to the candidate agreement automatically. This can be used when you use a candidates data in ways they would reasonably expect and which have a minimal privacy impact, or where there is clear justification for the processing of their data. More information on this type of legal basis can be found on the ICO website here.

      Use this when you have a genuine business reason to process the candidate's data, and it does not override their privacy rights.

      • Best for: Sourced candidates or those identified through third-party platforms.

      Not Applicable At This Stage:

      This is available when adding candidates to the system. It will just create the candidate without opting them into any agreement.

      Use this option when the candidate is being processed but no legal basis has yet been established.

      • Best for: Early-stage records where compliance workflow has not begun.

      • Important: You must update this to a valid legal basis before continuing processing.

      Where Legal Basis is Used

      You’ll be prompted to select a legal basis when:

      • Adding a new candidate manually

      • Receiving an application through your Firefish website (if configured to do so)

      • Reprocessing an existing candidate from your To Do list

      Example Table in Firefish

      This dropdown appears during candidate registration or reprocessing and contains the options listed above. The available options may vary depending on your system configuration.

      Screenshot: Legal Basis Options

       

      Please note: The guidance in this article is for general information only and does not constitute legal advice or mandatory requirements.