How We Get Your Feedback
Understanding how we use your legal rights under GDPR to compel companies to provide internal application feedback
The General Data Protection Regulation (GDPR) is a European Union law that gives individuals comprehensive rights over their personal data. Enforced since 2018, GDPR applies to any company that processes personal data of EU/UK residents, regardless of where the company is located.
Under GDPR, you have the right to access any personal data a company holds about you, including interview notes, assessment results, recruiter feedback, and internal application evaluations. Companies are legally required to respond to these requests within 30 days.
Data Access Request
When you file a GDPR data access request, you're exercising your legal right under Article 15 of GDPR to obtain a copy of all personal data a company holds about you. This includes any internal notes, interview assessments, recruiter feedback, and evaluation documents created during your application process.
Legal Compulsion
Companies cannot legally refuse to provide this data. GDPR Article 15 requires them to provide "a copy of the personal data undergoing processing" within 30 days. Failure to comply can result in fines of up to 4% of annual global revenue or €20 million, whichever is higher. This legal obligation compels companies to share information they might otherwise keep private.
Comprehensive Data Disclosure
The GDPR request doesn't just ask for basic information. It requires companies to provide all personal data, including internal notes, interview feedback, assessment scores, and any other documentation created during your application. This often includes candid feedback that recruiters wouldn't share voluntarily.
Automated Decision Transparency
Under GDPR Article 22, if a company uses automated decision-making (like AI screening tools or automated assessments), you have the right to understand the logic behind the decision and receive meaningful information about it. This ensures you get insight into why you were or weren't selected.
Companies are legally obligated to respond to GDPR requests because:
- Legal requirement: GDPR Article 15 mandates response within 30 days
- Financial penalties: Non-compliance can result in massive fines
- Regulatory oversight: Data protection authorities monitor compliance and can investigate non-responsive companies
- Reputational risk: Public knowledge of GDPR violations can damage company reputation
- Legal precedent: Courts consistently uphold GDPR rights, making refusal legally risky
Through a GDPR data access request, you can obtain:
Filing a GDPR request can be complex and time-consuming. unghosted simplifies the process by:
- Generating legally compliant requests: We create properly formatted GDPR requests that meet all legal requirements
- Tracking deadlines: We monitor the 30-day response window and follow up if companies don't respond
- Handling non-compliance: If companies fail to respond, we help you file complaints with data protection authorities
- Organizing responses: We help you understand and organize the data you receive
- Providing templates: Our system ensures your requests are professional and legally sound
Our approach is grounded in specific GDPR articles:
Article 15 - Right of Access
This article gives you the right to obtain confirmation that your personal data is being processed and to access that data. It explicitly requires companies to provide "a copy of the personal data undergoing processing."
Article 22 - Automated Decision Making
If companies use automated systems to screen candidates, you have the right to understand the logic involved and receive meaningful information about the decision-making process.
Article 17 - Right to Erasure
You can also request deletion of your personal data after the application process, ensuring companies don't retain your information longer than necessary.
Ready to Get Your Feedback?
Start your data access request today and get the feedback you deserve.