Yena LogoYena.
Sourcing de CandidatosFind and engage candidates.EnrichAuto-fill verified data.CRMCandidate + client relationships.Portal do clienteShare shortlists live.
Certificado SOC 2 Tipo IConforme com o RGPD
Executive SearchAgências de RecrutamentoATS for In-House TeamsRecrutamento Interno
CRM de Recrutamento para AgênciasCRM para Agências de StaffingATS para Executive SearchATS para pequenas agências
Software de Recrutamento de TIRecrutamento IndustrialRecrutamento na SaúdeAssessoria Jurídica e FiscalRetalho e Comércio EletrónicoServiços FinanceirosCibersegurança
ComparaçõesBlogCentro de AjudaGuia de Melhores PráticasGuia ATS com CRMLinkedIn Recruiter vs ATS
Ferramentas GratuitasCalculadora ROI do ATSDiagnóstico de Ops de RecrutamentoParser de CV com IA GratuitoReformatador de CV com IA GratuitoKit de Ferramentas de Recrutamento
Preços
EntrarVer em 15 min

O seu stack de recrutamento, simplificado.

Produtos

  • Sourcing de Candidatos
  • Enrich
  • CRM
  • Portal do cliente
  • Preços
  • Descarregar Aplicação Desktop

Soluções

  • Executive Search
  • Agências de Recrutamento
  • ATS for In-House Teams
  • Recrutamento Interno

Casos de uso

  • ATS para pequenas agências
  • ATS para executive search

Recursos

  • Comparações
  • Centro de Ajuda
  • Blog
  • Guia de Melhores Práticas
  • Guia RGPD
  • GDPR Compliance Checklist
  • Guia ATS com CRM
  • ATS Cost Guide
  • LinkedIn Recruiter vs ATS
  • Retained vs Contingent Search
  • How to Start a Recruiting Agency
  • Recruiting Software Stack Guide
  • Best Cities for Executive Search

Ferramentas Gratuitas

  • Calculadora ROI do ATS
  • Diagnóstico de Ops de Recrutamento
  • Parser de CV com IA Gratuito
  • Reformatador de CV com IA Gratuito
  • Kit de Ferramentas de Recrutamento

Empresa

  • Sobre Nós
  • Contacto
  • Carreiras
  • Política de Privacidade
  • Termos de Serviço
  • Security
  • Data Processing Agreement
  • Cookie Policy

Comparar a Yena

vs Bullhorn·vs Greenhouse·vs Personio·vs Lever·vs Workable·vs SmartRecruiters·vs BambooHR·vs Vincere·vs Loxo·vs Manatal·vs iCIMS·vs Teamtailor·vs Recruit CRM·vs SAP SuccessFactors·vs JobAdder·vs Ashby·vs JazzHR·vs Recruitee·vs Softgarden·vs Crelate·vs Zoho Recruit·vs Traffit·vs Firefish·vs Recruiterflow·vs Recrur·vs Staffin·vs Teamdash
Riga, Letónia | Mazā Nometņu iela 31, LV-1002
[email protected]
© 2026 SIA "New Tech".
GUIA DE CONFORMIDADE RGPD

Conformidade RGPD para Recrutamento na Europa.

Guia de conformidade RGPD para recrutamento na Alemanha, Áustria, Suíça e Europa. Conselhos de Trabalho, retenção de dados, base jurídica, e requisitos de consentimento explicados.

See How Yena Handles GDPR →

Contents

1. Core GDPR Concepts2. Lawful Basis & Consent3. Candidate Information4. Retention & Deletion5. Works Councils (DE)6. Data Subject Rights7. International Transfers8. Compliance ChecklistDownload Templates →

Disclaimer

This guide provides general information and does not constitute legal advice. Always consult with your own legal counsel regarding specific compliance questions for your jurisdiction.

1. What GDPR means for recruiting

  • Controller vs Processor: Agencies and internal talent teams are usually "Controllers" for candidate data. ATS providers like Yena act as "Processors" under a Data Processing Agreement (DPA).
  • Lawful Bases: Recruiting typically relies on either "Legitimate Interest" (Art. 6(1)(f)) or "Consent" (Art. 6(1)(a)). You must be clear which you use and document it.
  • Special Category Data: Avoid collecting unnecessary sensitive data (health, political views, religious beliefs) unless strictly required and lawfully justified.

Yena Angle: Yena's DPA and data model assume controller/processor separation and let you store lawful-basis and consent information at the candidate level.

Base Jurídica para Tratamento de Dados de Candidatos

  • Legitimate Interest: Often used for initial contact and evaluation when sourcing for a specific role. Requires a "balancing test" (LIA) and giving candidates clear information + opt-out options.
  • Consent: More appropriate for long-term talent pools, marketing communications, or when required by strict local interpretation. Must be specific, informed, freely given, and withdrawable.
  • DACH Nuance: Regulators and Works Councils in DACH often expect a higher bar for long-term storage and reuse of candidate profiles, especially for unsuccessful applicants.

Yena Angle: Yena can store lawful-basis flags per candidate and supports notes on Works Council agreements or internal policies for retention.

3. Information obligations (Art. 13/14)

  • Transparency: You must provide privacy information when collecting data directly (applications) or indirectly (sourcing from LinkedIn). Include: identity of controller, purposes, legal basis, retention, and rights.
  • Timing for Sourced Candidates: Information should usually be provided within a reasonable timeframe (e.g., at first contact or within one month max).
  • Audit Trail: Keep records of when and how privacy information was provided (e.g., template email sent, link to policy included).

Yena Angle: Use Yena templates and activity logs to automatically record when privacy notices were sent and track candidate communication history for auditability.

Períodos de Retenção de Dados

  • Purpose Limitation: You cannot keep data "forever, just in case". Many DACH employers agree on retention windows (e.g., 6–24 months) for unsuccessful candidates.
  • Executive Search Exception: Executive search firms may justify longer retention where long-cycle relationships are documented and candidates are informed and can opt out.
  • Deletion Rules: Implement clear rules: automatic anonymisation/deletion after X months without activity, plus manual deletion on request.

Yena Angle: Yena supports retention configurations and provides archiving and deletion flows to help agencies implement their own retention policies.

5. Works Councils and German Specifics

  • Co-determination: In Germany, Works Councils (Betriebsräte) often have co-determination rights on HR systems, including ATS and recruiting processes (under BetrVG).
  • Betriebsvereinbarungen: Agreements may specify exact data fields, retention periods, access controls, and transparency obligations for any recruiting software used.
  • Proactive approach: Early involvement and clear documentation of how the ATS handles access, logs, and deletion usually speeds approval.

Yena Angle: Yena's DACH-first design (EU hosting, role-based access, audit trails) is aligned with common Works Council requirements, helping firms get sign-off faster.

6. Handling data subject rights

  • Rights: Candidates can request access, correction, restriction, or deletion ("Right to be Forgotten"), and may object to processing (e.g., talent pools).
  • Timelines: Controllers must generally respond within one month. You need internal procedures to identify and act on these requests promptly.
  • Coordination: Clear coordination between agency and client is vital when sharing candidate data. Who is responsible for responding and updating systems?

Yena Angle: Yena provides search, export, and deletion capabilities per candidate, making it easier to fulfil requests across pipelines and clients.

7. Where data lives and where it can go

  • EU Hosting: Many DACH recruiters strongly prefer (or require) EU-hosted systems to minimize transfer risks.
  • Transfers: Cross-border transfers (e.g., to the US) require safeguards such as Standard Contractual Clauses (SCCs) or the EU-US Data Privacy Framework.
  • Documentation: You must document where your ATS hosts data and what subprocessors it uses in your privacy notices.

Yena Angle: Yena is designed around EU hosting options (Google Cloud Platform, Europe-West) and provides a documented subprocessor list to support DACH-first expectations.

8. Checklist: making your agency DACH-ready

  • Map Data Flows: Identify all sources (LinkedIn, referrals, applications), systems (ATS, email), and recipients (clients).
  • Define Lawful Basis: Decide on legitimate interest vs consent for key activities and document your balancing tests (LIA).
  • Update Privacy Notices: Ensure applicants and sourced candidates receive compliant notices (Art. 13/14).
  • Set Retention Periods: Agree on timelines and configure your ATS archiving/deletion rules accordingly.
  • Rights Protocol: Document a process for handling access and deletion requests (who does what, in which system).
  • Works Council (DE): Involve them early; share system documentation, data model, and access controls.
  • Contracts: Sign Data Processing Agreements (DPAs) with your ATS and other processors.

Yena Angle: Most of these steps are much easier when your ATS is designed for GDPR and DACH out of the box—exactly what Yena was built for.

Templates to help you operationalise compliance

GDPR Data Map

Spreadsheet template to map your recruiting data flows, systems, and bases.

Privacy Notice Template

Word doc template for informing sourced candidates (Art. 14 notification).

Works Council Pack

Briefing slides covering ATS data fields, access controls, and retention logic.

We respect your inbox. No spam.