In this blog, we discuss 1-click apply, its benefits, its disadvantages and why it will be affected by General Data Protection Regulations (GDPR).

What is “1-click apply”?

“1-click apply” is a facility offered by job boards such as The Caterer,  Indeed and TotalJobs. It allows jobseekers to submit job applications to employers or agents with a single click. Personal information, CVs, covering letters and other documents can all be delivered to the employer effortlessly.   As Krystal Wilbanks, co-founder of Interview Village noted, “You could potentially apply for 20 jobs in a matter of minutes”.

The perceived benefit of “1-click apply”

The “1-click apply” promise is a frictionless process that removes all barriers when applying for a job. It is quicker and more convenient and seems like a benefit because employers want more applicants.  The argument goes that 1-click apply results in more applications and that improves choice. It’s all pretty persuasive, but is it strictly the case?

The downside of “1-click apply”

Speaking to HR managers and internal recruiters, reveals that “1-click apply” is responsible for a number of unforeseen issues:

  1. More people apply for more vacancies that they are ill-suited for. This is because it takes little effort and there is no obvious downside for the applicant. They soak up valuable time.
  2. The best candidates can be slower to identify at a time when the market is competitive.
  3. The proportion of interview no-shows seems to increase. Weaker up-front qualification by the jobseeker can result in poorer interest overall.

The convenience of 1-click apply may be unintentionally reducing the quality of the recruitment process overall.

GDPR, a “1-click apply” killer?

Like it or not, the new General Data Protection Regulation is on its way and should be fully enforceable by May 25th 2018. It could be a game changer for the recruitment industry. Recruitment companies pay to access personal information that they share with prospects and customers. They have often done this without the knowledge and consent of the individuals concerned.

For 1-click apply, we foresee challenging times ahead.  Under GDPR rules, personal information should be more secure and less easily distributed than at present. Organisations receiving personal information will be subject to obligations such as:

  1. Supporting individual consent for holding and processing personal information for a specific purpose. Consent must be considered a positive opt-in and cannot be inferred from silence, pre-ticked boxes or inactivity.
  2. Informing applicants that personal data has been received.
  3. Offering access to personal information to validate lawfulness of any data processing.
  4. Supporting the right to erasure of their personal information.

The challenge for 1-click apply is that personal data will pass from a job board to the receiver’s Applicant Tracking System or email system. To date, the applicant has had no knowledge of the target system and no agreed conditions related to the use of personal data on that target system. Target systems could be home-grown or supplied by a vendor. They could be locally built or in the cloud.  Receivers might be in countries inside or outside of the EU and they might demonstrate wide-ranging interests in the personal information they acquire. Recruiters have found National Insurance numbers, passport scans, club membership details and much more on CVs downloaded from job boards.


In principle, “1-click apply” seems like a good idea.  It decreases friction in the process and encourages more people to complete their applications. However, sharing personal information between job boards and agent or employer systems presents challenges under GDPR.  By contrast, completing an application directly with the employer, suits GDPR. The perceived downside is that more applicants will drop out of the process.

So how can we implement 1-click apply ?

Fines for any GDPR breach are set at eye watering sums, so a “safety first” approach seems like the right one:

  1. When receiving personal information, ensure that you have an ATS rather than an email system. Make sure your ATS notifies the applicant that their personal information is being held by your organisation and for what purpose.
  2. Make sure the applicant has secure access to their information and agrees to terms of use.
  3. Ensure that the applicant can correct and update their personal information.
  4. Ensure the applicant can requests the withdrawal of consent and erasure of information.
  5. Your ATS should prevent the speculative distribution of personal information without the prior, explicit consent of the individual concerned.

Most people agree that GDPR is complicated. Whilst some points of regulation require further clarification, it is hard to imagine how “1-click apply” and frictionless recruitment can remain entirely unaffected.


Stuart Haddow is the founder of XperiSoft Limited which delivers:

  • CVMinder ATS for applicant tracking in Education, Social Care and Catering and
  • CVMinder HUB for Training Providers managing apprenticeships, work placements and employability.


If you would like to chat about making sure you have a recruitment approach that works post GDPR, then please contact us now on 01634 202 101.

Leave a Reply

Your email address will not be published. Required fields are marked *