In addition, you will almost certainly receive requests from EU citizens, making it essential for your business to be in compliance with the RGPD. In the event of an exam, you must be able to prove that you responded to your candidates` requests after their data was deleted. Our proposal is to appoint a Data Protection Representative (DPD) in your company to conduct internal audits and ensure compliance with the RGPD. If the database hosts profiles of candidates, it is usually their responsibility, as they are responsible for processing, to ensure that they are in compliance with the RGPD and that they have obtained the necessary agreement to share with you the candidates` profiles. However, as you will become the data manager once candidate profiles are duplicated in your systems, it is certainly advisable to consult your suppliers on their efforts to become compliant. Can I ask applicants to renew their consent to keep their data? They should review the local legislation applicable to these cases. SmartRecruiters offers a global compliance center that makes it easier to adapt data storage policies for each application case. Download our SmartPaper for a detailed overview of the RGPD and its potential effects on your recruitment data.