Find Out More
  • This field is for validation purposes and should be left unchanged.

INEO & GDPR: Maintaining a database based on Legitimate Interest?

Written by: | Category: Advice & Guides, General | June 8, 2018

So, you’ve passed through the GDPR launch and the 25th May 2018 is now behind, rather than in front of you – that insurmountable hurdle that caused you excessive stress on top of all your other routine daily tasks and objectives.  


But don’t sit back in your executive chair just yet!  Whether you’ve sailed through the day with a strong gust helping you along, or whether you’ve barely limped through, unsure of whether you’ve done enough, it’s important to know that the 25th May was actually just the starting point of GDPR, not the end!


Perhaps you’ve gone down the route of ‘Legitimate Interest’, rather than requesting fresh consent.  You’ve cleansed all your data – removing the candidates and contacts you haven’t spoken to in aeons, and those with inaccurate contact information. You’ve sent out a friendly email, or other forms of communication, to the remaining database to let them know you’ve updated your privacy policy, and you now sit on your crossed fingers, cross-legged and hope and pray that the recipients do not wish to click the link to your company’s privacy policy, and exercise their right to be forgotten, or request a subject access request (SAR).


The question that now arises is: How do you maintain your ‘Legitimate Interest’ database now and in the future, without causing too much administrational pain   for consultants?

Good question!


Here are a few steps that can help you to maintain and show your company’s legitimate interest with a candidate or contact, and keep your database up-to-date and   engaged.  


Point 1: Activity Logging is a Must!

Log those phone calls and any other significant activities – it is now an essential requirement – not a desirable!  You’ve been asking your staff to do this since they started, but their initial enthusiasm wanes after a while, and they pick up bad habits. But GDPR means that now you have an excuse. Now you have a fantastic reason to insist they log those calls.


If a consultant doesn’t record activities, no matter how big or small, it’s one more step towards a record becoming inactive and possibly being removed* from the database once their inactivity becomes extensive. (*Depending on your company’s housekeeping policy). It really does mean if you snooze you lose!


Point 2:  Maintain Legitimate Interest in All Processing Areas

Have the facility to record updated legitimate interest on a record.  This could be either processing the candidate for recruitment purposes or being able to market to them, or both. Don’t be fooled into thinking that ‘legitimate interest’ covers all your business’s processes. A separate Legitimate Interest Assessment (LIA) should be completed for each of your processing areas. But, you also need the means to record these separate consents on your database.  This will help with point 3 below and shows that you are aware of the fact that legitimate interest needs to be gained for each process area within your business.


These could be recorded in the form of an extra dropdown list, a series of selection boxes or codes to indicate for example: legitimate interest – recruitment, legitimate interest – marketing, legitimate interest recruitment & marketing, and so on.


Point 3: Engage Mindful Marketing

If your recruitment company sends marketing emails, it is of extra importance that any communications sent are now going to only those that have opted into with a legitimate interest in receiving marketing emails. This is why it is now important to encourage staff to have an open and transparent conversation with their candidates / clients. Asking them whether they are happy to receive interesting targeted marketing material and recording any acceptance.


When creating lists for marketing, the database preparations in point 2 will ensure these records are up-to-date. Ideally, your database will have the facility to remove those entries in lists which are not interested in marketing emails, either via the original search, or via some sort of list filter. As a result, your lists will be more targeted and relevant.


Point 4: Adopt Strategies for Post-Marketing Database Updates

The marketing or recruitment mailer has been sent, and suddenly email bounce-backs come rolling back en masse, cluttering your email exchange and leaving you with a question – what do we do now?


Before we can answer that, we need to understand the nature of a bounce (also please subscribe on the INEO website to gain access to invaluable guidance on how to send, update and action data effectively and on mass):

A hard bounce means the email address doesn’t exist or isn’t valid.  As a result, the record should be updated by removing the email address and updating the bounce email as an activity. The next action will depend on whether there are any other means of communicating with the person. If there are no other means, then the record should be marked as no longer of legitimate interest and set up to be removed by housekeeping. If there are other means of communication (other emails, sms or address), then these would need to be exhausted before marking the record for removal.

A soft bounce means the email was valid and it reached the recipient’s mail server but possibly the mailbox was full, or the server was unreactive, or the message too large. In general, there will be further attempts for up to 72 hours before being deferred. If an email continues to soft bounce for 72 hours it will be added to a deferral list. Soft bounced email addresses do not need to be removed from the record, but the bounce email should be recorded as an activity. If there is no indication that the person received the email, then a further email may need to be attempted. If soft bounces continue to happen to the same record (easily identified by the logged bounce activities), it may be prudent to consider removing the email address and following the same advice for removing the records as per hard bounces.  

Unsubscribe does not necessarily mean delete me. If you are clever with your comms, delete is the last resort. Restrict processing is far more favorable, so provide these options. You client doesn’t want your newsletters or candidates don’t want job alerts but do want to be called about relevant opportunities great, respect their wishes and provide the tailored service they want. Not only will you retain a larger customer base but a happier one too.


So, are you sitting comfortably with legitimate interest?

If some of the above make you feel uncomfortable in the wake of the 25th May, perhaps INEO Consulting can help. We can help add value to your data. We provide a number of services to recruitment companies to help you maintain your newly acquired GDPR compliant database, including configuration, workflow analysis and bespoke database training. Check out our website to see a full list of services and please get in touch if you’d like to have a chat – we’re only a phone call away.

Subscribe to our newsletter

Keep up to date with our newsletter, product reviews and industry news

  • This field is for validation purposes and should be left unchanged.
© 2023 INEO Consulting
Share This