<img height="1" width="1" src="https://www.facebook.com/tr?id=227885354293703&amp;ev=PageView&amp;noscript=1">

GoHire & The General Data Protection Regulation (GDPR) Compliance

This information was last updated on May 12, 2025.

At GoHire, we are fully committed to protecting the personal data of our clients and their candidates in accordance with the UK General Data Protection Regulation (UK GDPR) and EU GDPR. We take our responsibilities as a data processor seriously and provide features to help our clients (as data controllers) remain compliant.

What is GDPR?

The General Data Protection Regulation (GDPR) is a legal framework that governs the collection, use, and protection of personal data of individuals within the UK and EU. Any organisation processing personal data from these regions — including recruitment data — must comply with GDPR requirements.

Your responsibilities as a data controller

When using GoHire to collect and manage applications, your organisation is the data controller. This means you determine what data is collected, why it’s processed, how long it’s kept, and who it’s shared with.

As a controller, you are responsible for:

  • Providing candidates with a privacy notice

  • Determining a lawful basis for processing data

  • Responding to subject access and deletion requests

  • Ensuring appropriate retention and data hygiene policies

GoHire gives you the tools and infrastructure to help meet these obligations efficiently.

Our role as a data processor

GoHire acts as a data processor, meaning we process candidate data only under your instructions and never for our own purposes. Our obligations and responsibilities are defined in our Data Processing Agreement (DPA), which forms part of our Terms of Service.

How GoHire supports GDPR compliance

We have implemented a comprehensive GDPR compliance programme and offer features that include:

  • Customisable candidate consent tools

  • Full access and deletion controls for applicant data

  • Data retention policy enforcement options

  • Detailed activity logs and audit trails

  • Encryption at rest and in transit (AES-256 / HTTPS)

  • All data stored in the United Kingdom (AWS London region)

You can find GDPR-specific settings in your GoHire dashboard under Settings > GDPR.

Security and data storage

  • Data is hosted in ISO 27001-certified data centres via Amazon Web Services (AWS), London.

  • All web traffic is encrypted via HTTPS.

  • All stored data is encrypted using AES-256.

  • Access to personal data is strictly limited to authorised personnel.

  • We regularly conduct security reviews and external audits.

See our Security page for more details

Subprocessors

We work with a small number of trusted subprocessors to deliver our service (e.g. email, infrastructure). We maintain an up-to-date list of subprocessors here, including their location and purpose.

Questions or concerns?

If you have specific questions about how GoHire handles GDPR, or if you need help fulfilling a data subject request, please contact: support@gohire.io.