A Munich recruitment firm signed a twelve-month contract with an AI sourcing vendor last spring. Nobody on the buying committee asked what happens to a candidate's CV once the platform's model has 'learned' from it. Six months in, a candidate filed a subject access request, and producing a straight answer took three weeks and outside counsel. The gap between a polished sales deck and a data processing agreement that actually holds up is where DACH and EU legal teams quietly kill deals — long after the demo went well.
A vendor-neutral data handling review is a short, fixed set of questions you put to any AI recruiting or sourcing tool before signing — covering automated decision-making, EU AI Act risk tier, biometric data, and retention — so the answer depends on the tool's actual architecture, not which logo is on the pitch deck.
This isn't about picking sides between vendors. It's a checklist you can run against Yena, against a legacy ATS with an AI feature bolted on last year, or against anything else a sales rep puts in front of you. Ask these questions before the contract, not after the first subject access request lands in your inbox.
Why Data Handling Questions Belong in Every AI Recruiting Vendor Review
Data handling questions belong in every AI recruiting vendor review because a hiring algorithm processes personal data at a scale no individual recruiter could match, and German works councils, DACH legal teams, and a growing share of candidates themselves now expect a documented answer — not a verbal assurance — before that algorithm touches a live applicant.
In Germany, a Betriebsrat holds co-determination rights over software capable of monitoring or evaluating employee behaviour, and recruiting tools increasingly sit close to that line even before an employment relationship exists. In Austria and Switzerland, works councils and cantonal data protection offices ask similar questions under different names. That expectation isn't just a DACH quirk, either. The European Commission's 2025 Eurobarometer survey on AI at work found that 62% of Europeans view AI positively in the workplace overall, yet 84% still say it needs careful management to protect privacy and ensure transparency — precisely the gap a vendor-neutral checklist is built to close.
None of this requires a lawyer sitting in on every sales call. If you want the fuller picture of an agency's own GDPR obligations beyond vendor selection, our practical GDPR guide for recruitment agencies covers consent, lawful basis, and candidate rights end to end. What you need here is a fixed list of questions you ask regardless of the vendor, so the answer isn't shaped by how reassuring the account executive happens to be.
GDPR Article 22: Is a Human Actually Deciding, or Rubber-Stamping?
GDPR Article 22 restricts fully automated decisions that produce legal or similarly significant effects on a person, and it applies the moment an AI recruiting tool auto-rejects or auto-ranks candidates without a human who can genuinely change the outcome — not one who just clicks approve on a score they never actually reviewed.
The European Data Protection Board's guidance sets a demanding bar for what counts as meaningful human involvement: the reviewer needs authority to override the system, access to the same data the algorithm saw, an actual understanding of the logic behind the score, and the ability to weigh information the model never had. A recruiter who glances at a green "98% match" badge and clicks next isn't meeting that bar — they're rubber-stamping. Under the regulator's guidance on automated decision-making rights, candidates processed this way can demand a human review and contest the outcome directly.
Ask the vendor: which specific decisions does your model make with zero human involvement, and what does "human review" mean inside your product — does the reviewer see the raw evidence, or just a pass/fail badge?
EU AI Act Risk Tier: Where Does This Tool Actually Sit?
An AI recruiting tool's EU AI Act risk tier depends on what the tool actually does, not what the vendor calls it: systems that filter, rank, or screen candidates for a role fall under Annex III as high-risk, while a résumé formatter or interview scheduler usually doesn't, and a serious vendor should state which bucket their product sits in without hesitating.
The Annex III list of high-risk AI systems explicitly names AI used to recruit or select natural persons, including tools that place targeted job adverts, filter applications, and evaluate candidates. High-risk obligations for these systems — risk assessments, technical documentation, bias testing, human oversight — were pushed back from August 2026 to December 2027 under the AI Act's Digital Omnibus deadline agreement. That's a timing shift, not a reprieve — the classification itself hasn't changed, and a vendor treating the delay as "we don't need to think about this yet" is telling you something about their priorities.
A separate rule has no delay attached at all: the prohibited-practices ban has applied since February 2025, and it's the subject of the next section.
Biometric and Sensitive Data: What's Off Limits Regardless of the Contract
Biometric and sensitive data — facial expression analysis, voice-stress patterns, emotion inference from video interviews — sit in the most restricted category under both GDPR and the AI Act, and a tool that scores a candidate's personality or emotional state from their face or voice is very likely processing data that no consent clause can fully legitimise.
GDPR's Article 9 treats biometric data used to uniquely identify someone, along with data revealing health status or sexual orientation, as a special category requiring an explicit exception before it can be processed at all. The AI Act goes further for employment specifically: Article 5's ban on emotion recognition and biometric categorisation prohibits AI that infers emotions in the workplace, full stop, alongside systems that deduce race, political views, or sexual orientation from biometric signals. Straightforward identity verification — matching a photo ID to a face during onboarding — sits in a different, lower-risk category. Scoring "enthusiasm" or "cultural fit" from a webcam feed does not.
Ask the vendor: does any part of your candidate scoring use facial expression, vocal tone, or webcam-derived signals? If so, what's the legal basis, and has it survived a documented data protection impact assessment?
Retention and Deletion: What Happens When the Relationship Ends
Retention and deletion terms matter because GDPR's storage limitation principle sets no fixed number of months — it requires the vendor to delete or anonymise candidate data once its original purpose has expired, and "we retain it to keep improving the model" is not, on its own, a lawful reason to hold onto someone's CV indefinitely.
In practice, six months for unsuccessful applicants and twelve to twenty-four months for consented talent pools are the ranges most European regulators accept without a fight. We go through the full mechanics, including the persistent "7-year GDPR rule" myth, in our guide to candidate data retention. What a vendor conversation adds on top of that is a second, separate question: what happens to data used to train or fine-tune the underlying model? Deleting a candidate's record from your ATS view does nothing if a copy sits in a training snapshot the vendor can't identify or remove.
Three questions worth writing into the contract itself, not just asking on a call:
- What's your default retention period for rejected candidates, stated in writing?
- Once our contract ends, what's the deletion timeline for our data, and do we get confirmation?
- Is any of our candidate data used to train a shared model, and can it be excluded on request?
The Vendor Data Handling Checklist
The vendor data handling checklist below turns four legal categories — automated decision-making, AI Act risk tier, biometric data, and retention — into questions you can put to any AI recruiting tool, whether it's a legacy ATS with an AI feature bolted on after the fact or a platform built around these rules from day one.
Established systems like Bullhorn or Greenhouse were built years before the AI Act existed, and many added AI features through acquisitions or partner integrations since. That doesn't make them non-compliant automatically — it means the documentation trail is worth checking rather than assuming.
| Question to Ask | Legacy ATS + Bolted-On AI Feature | AI-Native Platform Built for This |
|---|---|---|
| Who reviews an automated rejection? | Often unclear — the AI feature was layered onto a workflow designed before the AI Act existed | A named human step with override authority, logged for audit |
| Can you state your Annex III classification in writing? | Frequently vague; AI features were added as add-ons rather than architected around the Act | Documented classification with a risk-management file ready to share |
| Any biometric or emotion-inference signals? | Sometimes, inside older video-interview modules built before Article 5 | None by design, or narrowly scoped identity verification only |
| Default retention period, stated in writing? | Often inherited from a generic ATS-wide policy, not candidate-specific | Explicit, candidate-data-specific, and enforced automatically |
| Sub-processor list and deletion SLA? | Buried in a general terms-of-service page | A dedicated DPA with named sub-processors and a deletion timeline |
Red Flags in a Vendor's Answers
Red flags in a vendor's answers usually sound reasonable in the room and fall apart the moment you ask for something in writing: "trust us, we're compliant," no named sub-processors, no data residency detail, and no willingness to put a retention number in the contract are the most common signs a vendor hasn't actually built for regulated hiring data.
- The compliance answer lives in a slide, not the contract.
- Nobody can name where candidate data is hosted or which sub-processors touch it.
- "We're GDPR compliant" is offered with no mention of Article 22, retention, or a DPIA.
- The Annex III question gets deflected to "we're monitoring the regulation."
- Deletion is described as "possible on request" rather than a stated, contractual SLA.
A vendor who won't put a retention number in the contract has already told you the retention number — just not out loud.
How Yena Approaches These Questions
Yena treats this checklist as a design constraint rather than a compliance afterthought: candidate data stays hosted in the EU, retention limits are enforced in the product rather than promised in a policy document, and no scoring feature touches biometric or emotion-inference signals, so there's nothing to explain away in a due-diligence call.
That doesn't mean every recruiting decision inside Yena skips a human — quite the opposite. Shortlists surface ranked candidates with visible reasoning attached, and a recruiter chooses who moves forward; nothing auto-rejects a candidate without a person in the loop. You can read the specifics in our sourcing product overview, how candidate records get updated in data enrichment, or go straight to the underlying commitments on our security page.
Frequently Asked Questions
Does GDPR require a human to review every AI hiring decision?
Not every decision — only ones that are fully automated and have a legal or similarly significant effect, like an outright rejection with no recruiter involved. GDPR Article 22 restricts these unless a narrow exception applies. Where it does apply, EDPB guidance requires a human with real authority to change the outcome, not just approve it.
Is an AI sourcing or matching tool automatically high-risk under the EU AI Act?
It depends on the specific function. Tools that filter, rank, or screen candidates for a role typically fall under Annex III as high-risk AI systems. A CV formatter or interview scheduler usually doesn't. High-risk obligations for employment tools were postponed to December 2027, but the Article 5 ban on workplace emotion recognition has applied since February 2025.
Can an AI recruiting tool use biometric data like facial analysis in interviews?
Generally, no — not to infer traits. The EU AI Act bans AI systems that infer emotions in the workplace and bans biometric categorisation used to deduce characteristics like race or sexual orientation. Basic identity verification is a separate, lower-risk use, but any personality or emotion scoring drawn from a candidate's face or voice sits in banned territory.
How long can an AI recruiting tool legally retain candidate data?
GDPR sets no fixed number — it requires deletion once the original purpose no longer applies. In practice, six months for unsuccessful applicants and twelve to twenty-four months for consented talent pools are the periods regulators generally accept. A vendor that can't state its default retention period in writing hasn't thought this through.
What should a data processing agreement with an AI recruiting vendor include?
A proper DPA lists every sub-processor by name, states where data is hosted and processed, sets a concrete deletion timeline once the contract ends, defines breach notification windows, and grants you audit rights. If the vendor can only offer a generic terms-of-service page instead, the agreement wasn't built for regulated hiring data.
None of this requires you to become a data protection lawyer before buying an AI recruiting tool. It requires four questions — human review, AI Act tier, biometric scope, retention — asked the same way every time, regardless of whose name is on the platform. Yena answers all four in writing before a contract is signed, which is the point: you shouldn't have to take anyone's word for it, ours included.