I have. There's no way we will be deleting interview notes the moment a candidate is rejected. For one, we have to be able to prove later that we didn't reject based on grounds of discrimination (other regulations). But you also need the ability to review what your interviewers are doing to ensure consistency and quality of assessment. We also go back and re-read interview notes if someone doesn't make it through probation or gets fired, to see if we could have picked up on the issue earlier.
But hey GDPR defenders, here's a question to ponder. I have argued above that I legitimately need interview notes for the operation of my business. If you disagree, what makes you so sure your interpretation is correct and not mine? Don't you think it'd be good if we could resolve this disagreement in some clear way, like if the law itself spelled it out?
> I have argued above that I legitimately need interview notes for the operation of my business.
That's the point. You're keeping data to comply with a law (Equality laws) or for legitimate reasons, and so you don't need permission and you don't need to delete it when asked.
https://gdpr-info.eu/art-6-gdpr/
> Processing shall be lawful only if and to the extent that at least one of the following applies:
> processing is necessary for compliance with a legal obligation to which the controller is subject;
> processing is necessary in order to protect the vital interests of the data subject or of another natural person;
> processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
> processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Any of these would suit.
I agree that you do legitimately need interview notes, but I don't understand why this conflicts with GDPR. In other words, why am I not allowed to see my interview notes?
The fun of red tape. You will be violating one or the other regulation, that’s the beauty of it.
And yes, civil servants did use those arguments to try and stop FOI. They lost because ultimately they pay themselves out of tax revenues, and when you force people to buy something the bar for denying them information about how that money is used is a lot higher.
This doesn't apply in the case of companies and especially not job candidates.
That said, I don't think it's really comparable to the GDPR. For one FOI compliance is a joke, organisations get out of it all the time on the thinnest of pretexts. There's no real incentive for a government to police itself in this regard. But GDPR enforcement is incentivised by large sums of money, for an organisation that is technically bankrupt.
