The DPDP Audit Tool
Compliance for Recruitment & Staffing
👥

Recruitment & Staffing
Liability Check

📄

Recruitment firms hold resumes, salary histories, and reference checks — highly sensitive data with no clear retention policy in most agencies.

Why Recruitment & Staffing is at Risk

Recruitment agencies are sitting on massive databases of CVs, salary structures, employer histories, and reference contact details. Under DPDP 2023, a resume sent for one job opening cannot be stored indefinitely or shared with other clients without fresh consent. The candidate is the Data Principal and has the right to request erasure.

Common Violations

  • 1.Retaining candidate resumes indefinitely in databases without consent refresh.
  • 2.Sharing candidate profiles with multiple employers without candidate's knowledge.
  • 3.Collecting excessive data (e.g., religion, marital status) not relevant to the job.

The Immediate Fix

Set a **90-day consent expiry** on all candidate data. After 90 days, seek fresh consent or delete. Minimize data collection to job-relevant fields only. Implement a self-service 'Delete My Profile' portal.

Get DPDP Updates for Recruitment & Staffing

We'll send you compliance alerts and deadline reminders specific to your area. No spam — unsubscribe anytime.

Unbundled consent — the DPDP gold standard. Unsubscribe anytime. Privacy Policy

Book a Free DPDP Consult
or
Get Your Free Recruitment DPDP Score

Projected Compliance Deadline: Immediate

What Should You Do Next?

🔍
Get a Full Company Analysis

See how top companies score on DPDP compliance

🎓
Train Your Team

Book a DPDP compliance workshop — online or onsite

📰
Stay Updated

Daily DPDP news digest — enforcement, breaches, policy