GDPR. Is this the end of 1-click apply?
Let’s discuss 1-click apply. We’ll check out the benefits, some disadvantages and why General Data Protection Regulation (GDPR) gets in the way.
What is “1-click apply”?
“1-click apply” has been offered by job boards such as The Caterer, Indeed and TotalJobs. It allows jobseekers to submit job applications with a single click. Personal information, a CV, covering letter and other documents are all packaged and delivered with ease. It’s so easy that some jobseekers apply for too many jobs too quickly and without thought.
The perceived benefit of “1-click apply”
“1-click apply” promises frictionless job applications that are quick and convenient. That results in more job applications for employers and the evidence is certainly there to support it. The job boards and employers should be happy because everyone wants more job applications. But wait, is there a downside?
The downside of “1-click apply”
HR managers and internal recruiters suggest that “1-click apply” is responsible for a number of unforeseen issues:
- There are more irrelevant job applications. There’s no buffer to stop jobseekers looking before they leap. Those applications soak up valuable time.
- The best candidates can be hidden in a bigger pile of less useful applications. That’s not great when the market is so competitive.
- The proportion of interview no-shows seems to increase. Weaker up-front qualification by the jobseeker can result in poorer interest overall.
- What about compliance and GDPR?
1-click applications could be unintentionally reducing the average quality of job applications. They also shoot personal details across to other systems without consent!
GDPR, a “1-click apply” killer?
GDPR is here and it’s a game changer for the recruitment industry. Under GDPR rules, personal information must be secure and less easily distributed. Organisations receiving personal information will be subject to obligations such as:
- Supporting individual consent for holding and processing personal information for a specific purpose. Consent must be via a positive opt-in, not to be inferred from silence, pre-ticked boxes or inactivity.
- Informing applicants that personal data has been received.
- Offering access to personal information to validate lawfulness of any data processing.
- Supporting the right to be forgotten.
1-click apply passes personal data from a job board to the receiver’s ATS or email system. Up until GDPR came along, the applicant had no knowledge of the target system and no consents were captured in advance. Receiving systems could be home-grown, supplied by a vendor, living on an office server or hosted in the cloud. Receivers could be in any country and demonstrate varying levels of data security. Whoops!
1-click must change if it is to be GDPR compliant. Thankfully it has for some job boards. For example, Indeed released Indeed Apply. With it, your ATS can instruct Indeed to request necessary consent(s) from the applicant. Critically, applicants give consent before Indeed sends personal information to the ATS.
Indeed Apply is much more than that. It allows an ATS to give it questions that it should ask any applicant. Everything is completed on Indeed before being packaged for delivery to the ATS.
“1-click apply” seems like a good idea. It decreases friction in the process and encourages more people to complete their applications. However, when made too easy, employers receive thoughtless applications and that spoils the potential gains.
We must also conclude that 1-click it isn’t GDPR compliant. However, adding one or two more clicks to gain the required ATS consent(s) and this does satisfy GDPR. 1-click must therefore morph into quick-click for most jobs boards. Perhaps they should take a lead from Indeed.
So how can we implement 1-click apply ?
You can’t. Potential fines for any GDPR breach are eye watering, so a “safety first” approach is the right approach:
- When receiving personal information, ensure that you’re receiving it in an ATS rather than an email system. Have your ATS gain consent(s) in advance of receiving personal information by any quick-click methods.
- Ensure each applicant can access and edit personal information in your ATS. Even if a job application came via quick-click methods, the applicant should have a way of accessing it.
- Your ATS should prevent the speculative distribution of personal information without the prior consent of the candidate. This point is directed at recruitment companies.
Raw “1-click apply” cannot survive GDPR. But, requesting additional consent(s) for pre-packaged applications is hardly inconvenient. Consider adding some application questions. Questions make applicants pause for a moment and that can reduce the number of irrelevant job applications. The more you ask, the fewer irrelevant applications you’ll receive.
Indeed resolved the GDPR / 1-click issue with the introduction of Indeed Apply. You can get low friction recruitment and full compliance so long as you have an ATS that works with it.
Want to know more?
If you’re looking for an ATS that works with Indeed Apply, check out the article ‘Get more applicants with Indeed Apply‘. CVMinder ATS can build complete application forms on Indeed Apply automatically.
If you you would like to review your recruitment approach and check it for GDPR compliance, then please contact us now. We’re here to help.