UK GDPR doesn't ban AI from touching candidate data. It demands the same things it always has: a lawful basis, honesty with candidates, and real security. The practical questions are where the data is stored, whether it trains someone else's models, and whether you can delete it. Systems running in your own infrastructure make those answers simple.
What does UK GDPR expect when AI touches candidate data?
The same three things it expects whenever you process personal data: a lawful basis for the processing, transparency with the people whose data it is, and security proportionate to the risk. AI doesn't get its own rulebook; it inherits the one you already work under, applied to a new kind of processing. One thing to say plainly before we go further: this guide is practical guidance from people who build these systems, not legal advice. For legal advice, speak to a solicitor.
Lawful basis means being able to name the ground you're processing on, for the AI step specifically, not just the recruiting in general. Transparency means your privacy notice tells candidates, in words they'd recognise, that automated tools help process their information and what for. Security means knowing where the data flows and who can touch it, including inside any AI tool you've connected. The stakes are set in statute: for the most serious breaches the ICO can fine up to £17.5 million or 4% of total annual worldwide turnover, whichever is higher.
What should you ask any AI vendor?
Three questions before anything else, in writing, and if any answer is vague, that vagueness is the answer.
- Where is the data stored and processed? Which country, which cloud, which sub-processors. "In the cloud" is not an answer. If candidate data leaves the UK, you need to know under what safeguards.
- Does our data train your models? Some tools use customer data to improve their product for everyone, which means fragments of your candidates' information could shape a system serving your competitors. The honest vendors say no clearly, in the contract, not just the FAQ.
- Can we delete it, completely, and how do we prove it? Candidates have deletion rights, and "we've removed it from your view" is not deletion. Ask how erasure works across their backups and sub-processors, and how long it takes.
Add the ownership questions too, because ownership and data protection are entangled: our guide to who owns the AI you pay for has the full contract checklist.
Why does "runs in your own systems" change the answer?
Because most of the hard questions above only exist when candidate data leaves your infrastructure. A system that runs where the data already lives has nothing to send abroad, no vendor database to breach, and no third party whose terms can quietly change. The compliance conversation shrinks from auditing someone else's business to describing your own.
This is our design standard, not an optional extra: the data stays in your systems, nothing is sold on, nothing is used to train any model outside your business, and you can switch any part off. A payroll checking system we shipped runs exactly this way, in the client's own cloud with a full audit trail, and it handles data every bit as sensitive as a CV. The caution business owners feel here is widespread and rational: a YouGov poll found 49% of UK SMEs not planning to adopt AI cite data privacy and security concerns as the reason. The fix isn't to avoid AI. It's to change where it runs. The same logic applies to sourcing tools, which we've covered in can you automate candidate sourcing?
What does enforcement actually look like?
Real fines for careless security, not for using AI. The largest UK GDPR security penalty of 2025 is instructive: in October 2025 the ICO fined Capita £14 million over a 2023 data breach affecting 6.6 million people. The failing wasn't novel technology; it was security that didn't match the sensitivity of the data held.
That's the pattern to learn from. The ICO's cases turn on the unglamorous questions: did you know where the data was, who could access it, and what would happen if something went wrong? An agency that connects candidate data to AI tools it can't fully account for is accumulating exactly that kind of unanswered question. An agency that can point at every flow, because the system runs in its own infrastructure and keeps an audit trail, has answers ready before anyone asks.
What should you check before switching anything on?
Six checks, all boring, all cheaper than any alternative. Work through them before any AI system touches candidate data, whether it's a £30 subscription or a custom build.
- Lawful basis documented. Name the basis for the AI processing specifically and write it down, ideally in a short data protection impact assessment.
- Privacy notice updated. Candidates should be able to read, in plain words, that automated tools help process their data and what for.
- Data location known. You can say which systems, which country and which sub-processors hold candidate data, without asking the vendor first.
- Training use excluded in writing. The contract says your data doesn't train models outside your business. Not the sales deck: the contract.
- Deletion tested end to end. Run a real erasure request through the whole chain once, before you're doing it against a statutory clock.
- A person in every decision that affects a candidate. No fully automated rejections. The system drafts, flags and ranks; a human decides, and candidates can ask for that review.
If a system fails any of the six, fix that before switching it on. It's a morning's work now or a very expensive letter later.
Sources
Figures and claims in this guide draw on our own delivery work and the sources below. We only publish numbers we can stand behind.
- Data Protection Act 2018, section 157 (maximum penalty amounts), accessed 8 July 2026: legislation.gov.uk/ukpga/2018/12/section/157.
- Information Commissioner's Office, "Capita fined £14m for data breach affecting over 6m people", published October 2025, accessed 8 July 2026: ico.org.uk.
- YouGov, B2B Omnibus poll of 1,000 UK SME decision-makers, published 7 August 2025, accessed 8 July 2026: yougov.com/en-gb/articles/52730. The 49% figure is among SMEs not planning to adopt AI.
- AI Nativ.es delivery experience, 2026: the payroll checking build described is a real client project, told without names until we have written permission to use them.