Digital transformation driven by large language models (LLM) such as ChatGPT or Google Gemini is becoming increasingly common. These tools promise significant improvements: from candidate selection, through message generation to creating summaries and reports. However, in order to implement artificial intelligence in recruitment safely and efficiently, not only technological openness is required, but also awareness of legal and ethical consequences \u2014 especially in the context of GDPR and AI Act regulations. Indeed, the use of AI in recruitment processes directly affects people \u2014 their career opportunities, sense of fairness, and trust \u2014 which entails a responsibility for protecting the privacy and security of candidates’ personal data.<\/p>
The recruitment process often starts with an email containing a general description of recruitment needs, e.g., “we’re looking for an engineer”. Can such an email be immediately passed to the LLM model to generate briefing questions? In theory, yes, but only with the appropriate precautions.<\/p>
If a message includes, for example, the name and surname of the person a candidate is to replace, at this stage we are already dealing with personal data processing. The safest solution is anonymization, especially if we use external models that may transfer data outside the European Economic Area. In such a case, it’s necessary to ensure compliance with regulations, e.g., by implementing Standard Contractual Clauses (SCCs). Even if the message doesn’t mention names, but the information allows to identify a person, we’re dealing with personal data.<\/p>
Planning to record a conversation, especially online, requires great attention. GDPR imposes the obligation to inform the candidate about the recording, and their consent is necessary in such cases. This is particularly important if the conversation is to be transcribed or may contain sensitive data. The candidate’s consent to the recording can be verbal, e.g., a brief confirmation during the conversation (“yes, I agree”), but according to the principle of accountability, it’s best to have it in a permanent form \u2014 even in an email. Recording without the candidate’s knowledge can be considered a violation of their personal rights, including the right to privacy.<\/p>
Recording conversations with tools such as Fireflies or Otter can significantly streamline recruitment processes, but only if several important conditions are met. First and foremost, it’s worth ensuring that the tool provider offers a data processing agreement (DPA), which is paramount for compliance with GDPR. It’s also important that the tool is approved by the IT department \u2014 this concerns not only infrastructure security but also compliance with internal data protection policies. Before implementing any solution, it’s also worth checking the company’s personal data processing policy. A seemingly obvious step, yet it helps minimize the risk of errors, oversights and potential regulatory violations.<\/p>
After meeting with the manager, recruiters might want to use an LLM to create a summary of the conversation. Here again arises the question \u2014 is the transcription a collection of personal data? If it has been anonymized, it isn’t. If it contains names, opinions or assessments, it definitely is, and then it’s subject to GDPR regulations.<\/p>
In some paid versions of language models, it’s possible to disable the utilization of user data for model training, which reduces the risk of unauthorized use of the information. However, if you process personal data, you must have a proper legal basis and meet all the obligations specified in the regulations.<\/p>
LLMs perform well in creating job descriptions, provided that the recruiter supplies the model with sufficiently precise information. At this stage, the legal risk is minimal. However, greater attention should be paid to the operation quality and the potential impact on the organization’s image. LLM models can help create job postings, select publication sites (e.g., GitHub, LinkedIn) and prepare search phrases that can be used in candidate-finding tools such as LinkedIn Navigator or Google. In this case, the risk is not high, as long as that you check the terms of service and avoid mass actions (e.g., scraping). It’s important to ensure that a human is involved when creating these phrases, which should be inclusive and gender-neutral to avoid discriminatory outcomes.<\/p>
The analysis of candidate resumes using AI models involves processing personal data and can lead to profiling, which is the assessment of individuals based on their resumes. In accordance with GDPR, we can’t make decisions solely based on the operation of an AI system, e.g., automatically rejecting an application for a position without human involvement.<\/p>
We have to be aware that, under the AI Act, using AI systems to assess candidates in the recruitment process is classified as a “high-risk AI system.” This, in turn, imposes a series of additional obligations on the employer, such as registering and documenting the system’s operations, ensuring human oversight, applying the appropriate technical and organizational measures, and being transparent with candidates. Candidates must know that their data is being analyzed by AI, and their consent \u2014 or at least information about such practice \u2014 should be included in the company’s privacy policy.<\/p>
The principle of data minimization is equally important in the recruitment process. We must avoid processing information that’s not essential for assessing a candidate such as photos, age or marital status. Where possible, it’s advisable to properly secure data by using pseudonymization or anonymization. The former involves transforming data in a way that prevents it from being directly linked to a specific individual but allows their identity to be reconstructed by means of an identification key, for instance. On the other hand, the latter means permanently removing all information that enables identification. It also ensures that the data can no longer be attributed to any natural person, even when combined with other datasets. As a result, they are no longer recognized as personal data and aren’t subject to further obligations arising from data protection regulations.<\/p>
The use of language models (LLM) to support the recruitment process, e.g., to generate interview questions, analyze interview transcripts or create candidate-role fit reports is permissible, as long as this process is not fully automated. Any assessment of a candidate that leads to the decision to hire or reject should be conducted by a human. When creating personalized messages with the recruitment results, we can also use AI, but it’s important to remember that the recruiter is still responsible for their content, accuracy and final delivery. The applicant also has the right to know that their data are being analyzed by an AI tool and understand the basis on which the final evaluation is made. If a candidate asks about the reasons for the recruitment decision, the recruiter must be able to provide an understandable explanation. Responses limited to “it was AI’s choice” are not acceptable. Artificial intelligence can support recruitment but should not replace humans, especially in the process of assessing another person’s competencies.<\/p>
To use AI in HR legally and safely, remember a few key rules:<\/strong><\/p> Implementing AI into HR processes can streamline many operations but also carries responsibility, particularly in the area of personal data and decision-making. That’s why it’s crucial to use this technology consciously and in accordance with existing regulations. An AI with a “human face” is an AI that supports decision-making processes but leaves key decisions to the human side, especially when the data and future of another person are at stake.<\/p>","protected":false},"excerpt":{"rendered":" A few words on responsibility in recruitment processes.<\/p>\n","protected":false},"author":252,"featured_media":13113,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"rank_math_lock_modified_date":false,"footnotes":""},"categories":[797,888],"tags":[],"popular":[],"difficulty-level":[36],"ppma_author":[882,632],"class_list":["post-13148","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ai-in-industries","category-business-2","difficulty-level-easy"],"acf":[],"authors":[{"term_id":882,"user_id":456,"is_guest":0,"slug":"zuzanna-rozek","display_name":"Zuzanna Ro\u017cek","avatar_url":{"url":"https:\/\/haimagazine.com\/wp-content\/uploads\/2026\/05\/obraz_2026-05-24_232140515.png","url2x":"https:\/\/haimagazine.com\/wp-content\/uploads\/2026\/05\/obraz_2026-05-24_232140515.png"},"first_name":"","last_name":"","user_url":"","job_title":"","description":"Specjalistka ds. prawnych aspekt\u00f3w wykorzystania sztucznej inteligencji. Zajmuje si\u0119 analiz\u0105 regulacji dotycz\u0105cych modeli j\u0119zykowych, przetwarzania danych osobowych i odpowiedzialnego wdra\u017cania AI w organizacjach."},{"term_id":632,"user_id":252,"is_guest":0,"slug":"bartosz-dobrowolski","display_name":"Bartosz Dobrowolski","avatar_url":{"url":"https:\/\/haimagazine.com\/wp-content\/uploads\/2025\/03\/GRZEDZINSKI_20241022_GRZ_8847-scaled.jpg","url2x":"https:\/\/haimagazine.com\/wp-content\/uploads\/2025\/03\/GRZEDZINSKI_20241022_GRZ_8847-scaled.jpg"},"first_name":"Bartosz","last_name":"Dobrowolski","user_url":"","job_title":"","description":"Ekspert transformacji cyfrowej i Head of AI Enablement w CampusAI. Od ponad 20 lat doradza firmom w budowaniu warto\u015bci wok\u00f3\u0142 nowych technologii. Konsultant, trener, praktyk i m\u00f3wca TEDx. Szkoli mened\u017cer\u00f3w i projektuje oraz wdra\u017ca procesy adopcji innowacji i narz\u0119dzi opartych o generatywn\u0105 AI."}],"_links":{"self":[{"href":"https:\/\/haimagazine.com\/en\/wp-json\/wp\/v2\/posts\/13148","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/haimagazine.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/haimagazine.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/haimagazine.com\/en\/wp-json\/wp\/v2\/users\/252"}],"replies":[{"embeddable":true,"href":"https:\/\/haimagazine.com\/en\/wp-json\/wp\/v2\/comments?post=13148"}],"version-history":[{"count":1,"href":"https:\/\/haimagazine.com\/en\/wp-json\/wp\/v2\/posts\/13148\/revisions"}],"predecessor-version":[{"id":13149,"href":"https:\/\/haimagazine.com\/en\/wp-json\/wp\/v2\/posts\/13148\/revisions\/13149"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/haimagazine.com\/en\/wp-json\/wp\/v2\/media\/13113"}],"wp:attachment":[{"href":"https:\/\/haimagazine.com\/en\/wp-json\/wp\/v2\/media?parent=13148"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/haimagazine.com\/en\/wp-json\/wp\/v2\/categories?post=13148"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/haimagazine.com\/en\/wp-json\/wp\/v2\/tags?post=13148"},{"taxonomy":"popular","embeddable":true,"href":"https:\/\/haimagazine.com\/en\/wp-json\/wp\/v2\/popular?post=13148"},{"taxonomy":"difficulty-level","embeddable":true,"href":"https:\/\/haimagazine.com\/en\/wp-json\/wp\/v2\/difficulty-level?post=13148"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/haimagazine.com\/en\/wp-json\/wp\/v2\/ppma_author?post=13148"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}AI with a human face?<\/strong><\/h4>