Candidate data is sensitive, and we treat it that way. McRoberts operates on a controller/processor model: you remain the Data Controller and we act as your Data Processor, processing personal data only on your documented instructions to deliver the service.

We build GDPR into delivery with privacy-by-design, data minimisation, clear candidate transparency, and strong governance around DPAs, retention, and sub-processors. We also support you in meeting data subject rights requests and maintain clear processes for incident management and notification.

Security is built into how we work. McRoberts is Cyber Essentials Plus certified, and we apply practical controls to protect systems and data while keeping hiring moving reliably.

That includes role-based access, strong account and device security, secure data handling, operational resilience practices, and oversight of third-party tools used in delivery.