GDPR Legal Basis for Processing Candidates

Different types of legal basis you can use to process candidates and what they mean.

When you're manually creating a candidate in Firefish or reprocessing a candidate via the Compliance To Do List, you must choose a legal basis for processing that candidate's data.

Firefish allows you to choose from the following options:

Here's a list of the different legal basis you can select and what they mean:

  • Consent Request: Creates the candidate and sends login details to direct them to login and accept the agreement with the option of an email being sent.

  • Consent Provided: Creates and agrees to the candidate agreement with the option of an email being sent. Can be used when you've received consent from a candidate. More information on this type of legal basis can be found on the ICO Website here

  • Legitimate Interest: Creates and agrees to the candidate agreement with the option of an email being sent. This can be used when you use a candidates data in ways they would reasonably expect and which have a minimal privacy impact, or where there is clear justification for the processing of their data. More information on this type of legal basis can be found on the ICO website here.

  • Not Applicable At This Stage: This is available when adding candidates to the system. It will just create the candidate without opting them into any agreement.