Benefits Candidate Experience Case studies Feedback HR metrics Recruitment Talent Acquisition tomHRM updates
BLOG · Benefits, tomHRM updates

tomHRM Platform GDPR Compliance

GDPR, the new EU regulation on the protection of personal data, entered into force on 25 May 2018. All EU member states must comply with the new regulations.

GDPR Compliance

GDPR, or the General Data Protection Regulation, applies to all companies that store and process personal data.

If you use an ATS system for recruitment, it has to comply with GDPR requirements, as well as it should allow you to manage personal data not only in a compliant, but also a convenient, fast and easy way.


 How tomHRM allows you to comply with GDPR requirements


GDPR requirementstomHRM Feature
Candidate’s consent to the processing of personal dataWe provide a tool that allows for collecting candidates’ consent for the purpose of the current or future recruitment process in a structured manner. Consents can be registered or withdrawn in tomHRM.
You can also browse candidates based on the type of consent, as well as ensure the correct way of candidate record processing according to the registered consent.We comply with the right to withdraw consent.
Privacy and cookie policy On the Career Page, you can display a dialog box with information about cookie policy for all visitors. You can also add a link to your privacy policy.

We comply with the right to be informed.

Personal data processing periodYou can configure the desired period of candidates’ personal data processing to not forget deleting it.

You can also enable the automatic deletion of candidate’s data after a certain number of days which will allow you to automate your work.

We comply with the right to be forgotten.

Deleting data and limited processing In tomHRM, you can effortlessly delete the candidate’s personal data and easily notify the candidate about it.

You can also limit the processing of the candidate’s personal data by moving to a talent pool.

We comply with the obligation to delete data or limit its processing.

Data migrationYou can use the option of exporting the candidate’s personal data to a CSV file.

We comply with the right to data portability.

Data storageData is stored in the European Union.
Appropriate security measuresWe have implemented technical and organizational security measures.


The difference between a personal data processor and an administrator

Personal data processor: tomHRM
Personal data administrator: You


tomHRM is a processor of personal data, meaning that:

  • processes personal data on the basis of a written agreement with the Administrator (You), which includes information regarding the scope and purpose of personal data processing,
  • cannot use this data for other purposes than the ones agreed with the Administrator (You),
  • never provides this data to other entities,
  • helps the Administrator (You) comply with the obligation of responding to requests of persons whose personal data are processed.


If you need more information on GDPR compliance, contact us using the contact form.

Newsletter HR

100% advice and news from the HR market and tomHRM