The EU General Data Protection Regulation (GDPR) has applied since 2018 and is fully relevant to AI in recruiting. Personal data may only be processed on a clear legal basis – usually contract, consent or legitimate interest. For candidates this means: they have rights to information, correction and deletion.
Article 22 GDPR is particularly important: no person shall be subject to a decision based solely on automated processing that produces legal effects or significantly affects them, unless explicit exceptions or consent apply. Hiring processes therefore generally require a human to make the final decision or to be able to review AI output.
Companies must conduct data protection impact assessments for high-risk AI applications, implement technical and organisational measures and maintain processing records. Violations can attract significant fines.
Lunigi aligns clearly with GDPR principles: data minimisation, clear purpose limitation, transparent information, human decision-making.