GDPR: Impact on the Executive Search and Recruitment Industry

Mercuri Urval is an Executive Search, Professional Recruitment and Talent Advisory firm. Due to the nature of our business, the protection of personal data has always been a focus area for us. As a client or candidate you can be sure that all personal data is safe with us and handled with the greatest care. Mercuri Urval has a large team of international experts working with GDPR and compliance with GDPR.

Meet our Data Protection OfficerLene Juul, DPO Mercuri Urval

Lene Juul has worked with data protection within Executive Search and Recruitment for more than 20 years. With an extensive knowledge of Mercuri Urval operations, she is the Group Data Protection Officer since 2017.

"I really like working with Data Protection Legislation, and I have worked with the topic for more than 20 years. With the GDPR, the question has resurfaced at the top of the agenda for our clients and for us, and it is very exciting. Above all, from my perspective, treating data legislation on an international, rather than national level opens up so many opportunities. Also, for our candidates it means that their rights are better protected in the digital world." 

How will GDPR impact you as a client or candidate?

Mercuri Urval sees GDPR as an opportunity to strengthen the relationship and trust with our candidates and clients. Also, it fits well with our strategic direction to offer a One Company Delivery of Executive Search, Professional Recruitment and Talent Advisory worldwide - it creates yet another platform for One Company thinking.

Mercuri Urval as Data Controller

A part of our core business is to process personal data for candidates and assessment participants. In order for us to offer the best possible services, we keep a continuous dialogue with data subjects relevant to our current and future clients. In combination with using our own developed procedures and services, we will have to make our own independent decisions on the processing of personal data.

Therefore, we consider ourselves Data Controllers according to article 4.7 of the General Data Protection Regulation (EU) 2016/679 (GDPR).

We hold legal processing of personal data as one of the most critical aspects of our operations. In our relationship with candidates in Executive Search and Professional Recruitment processes, as well as with participants in Talent Advisory projects, we rely on Consent as a legal basis for processing data. Therefore, we are to be seen as Data Controllers.

How GDPR inpacts the way we work

A dedicated project team has been preparing our company for GDPR compliance, which among other things included enhancements in these areas:

  • Updating client contracts and Data Processing Agreements
    Data Processing Agreements (DPAs) must be in place between data controllers and data processors ensuring that clear instructions are agreed upon. This means updating DPAs with Mercuri Urval's suppliers as well as updating contracts with our clients clarifying our responsibilities.
  • Updated Consents
    When you as a candidate apply for a position with us or participate in an assessment programme, our processing of your data is based on consent. We have rewritten our consents to match the demands in GDPR..
  • Detailed written record of all personal data processing activities
    The GDPR requires that we keep detailed records of all personal data processing. Therefore, our project team has worked closely with colleagues in Mercuri Urval's offices throughout Europe documenting everything we do – from A-Z. For us, a positive side effect of GDPR is homogenous processing of personal data for all offices within Mercuri Urval.
  • Updating IT systems
    All IT systems have been reviewed to make sure that we continue to keep our candidates' and clients' data safe. Changes have been done  enabling us to comply with the GDPR demands relating to data subject rights – for instance the right to restriction of processing, the right to erasure, the right to data portability, etc.
  • Training, continued awareness - and audits
    Creating guidelines and new routines is not enough. We have to make sure that all Mercuri Urval employees are constantly living up to the high standards of data protection that we as a company are aiming for. Data protection must "live" inside Mercuri Urval. This means ongoing training and constant attention to data protection issues throughout our organisation.


    To support this our DPO will perform audits on a regular basis in Mercuri Urval's offices in Europe and beyond to monitor compliance with GDPR, raising awareness and training staff involved in processing operations.

Your rights as a candidate with us

For Mercuri Urval it is of great importance that we create trustful relationships with candidates, protect their integrity and give them control of their personal data. As from 25 May 2018, GDPR grants extended rights for you as a person (data subject). You can read more here.

To exercise your rights, please contact our DPO on: gdpr.int@mercuriurval.com