Amberjack has long been setting the standards in future talent and intake-based volume recruitment. Their advanced systems and intelligent solutions are designed to deliver the ultimate candidate experience. From intelligent attraction to RPO and bespoke assessment and selection tools, they will work as an extension to your team. Building a solution that fits you. They are a passionate strategic partner, focused on not only optimising ROI, but creating tools and processes that will deliver results. They are the quality behind the quantity. Amberjack does what’s right for their clients and their candidates. They don’t know any other way.

Amberjack has solidified its reputation for leading the world of recruitment through its impressive trophy cabinet, scooping some of the industry’s most coveted awards.

In 2018, alone, they won the greatest number of awards of any organisation at The Recruiter Awards 2018. Amberjack won the Outstanding Outsourced Recruitment Organisation Award and Supplier of the Year Award, directly, and, in partnership with client Mars, the Best Candidate Experience Award, and, in partnership with client Morrisons, the Best Apprentice/School Leaver Recruitment Strategy Award.

What was the problem?

Amberjack might be taking the world of recruitment by storm but still had to deal with GDPR in a way which enhanced their reputation and built client trust. In early 2017 Amberjack contacted Clayden Law for support in preparing for GDPR.

Selma Behlic, Head of Quality & Compliance explains:

“Clayden Law was recommended by our IT Director, who had worked with Piers and his team at previous companies. Initially, Piers came in and spoke to the project team about some of the main implications of GDPR. Being honest… when faced with GDPR we didn’t know where to start. Amberjack works across four core strands: Amberjack Technology Solution (where we’re effectively preparing and releasing our own software to the client); Amberjack Technology Solution and RPO (where in addition to client’s version of our software Amberjack service delivery team running the recruitment process); RPO only (where we use the client’s technology and run the recruitment process); and Consulting Solutions (where we help clients improve recruitment performance and efficiency, advise on assessment process design, programme design and technology solutions and provide advice and guidance on specific business objectives such as diversity).

“At each of these stages we have a variety of different types of data to look after and work with - and that’s in addition to our own, internal employee and supplier data. We knew we had a complicated way of processing data, and that we could be either a Data Processor or a Data Controller at different points (and sometimes both).

“We needed someone to support us with the whole process. To work out where the different areas of risk were, to explain how our documentation and activities needed to change, and to develop (and implement) a practical plan for doing all of this.”

What did we do?

We took a methodical approach, breaking this work down into practical steps. First, we worked with Amberjack to understand the scope of their data use - including types and sources of data, as well as how it was used, current contractual arrangements and existing documentation. This meant not only understanding employee and supplier data but also Amberjack’s Applicant Tracking System. We went through workflows for each and every task, involving data, to understand documentation needs, as well as areas of risk.

This work led to our redrafting Amberjack’s standard client contract, as well as producing a tailored Privacy Policy that represented the exact ways in which Amberjack works with client data, within the Applicant Tracking System. Linked to this we produced a series of Data Processing Addendum template for Amberjack to use to remediate existing client contracts so that they were compliant with the requirements of the GDPR.

Amberjack’s GDPR preparation wasn’t limited to client and applicant data, however. Working with over 100 freelance suppliers (who support the assessment processes), we needed to change all supplier contracts and ensure compliance across not only existing relationships, but for the future.

We also helped Amberjack in thinking about retention periods for personal data processed on behalf of clients.

Finally, we provided Amberjack with our elearning suite, produced in partnership with MeLearning. This not only provided documentary proof of Amberjack’s compliance with the training and communication elements of the GDPR, but helped those leading the project to better respond to queries - both internal and external.

We continue to work with Amberjack - like so many organisations there is still work to be done. This includes completing negotiations with suppliers and auditing both supplier and client compliance, moving forward. We are also advising on the incoming ePrivacy Regulations and working with their marketing team to ensure they are as compliant as possible, without restricting ROI from activities.


“Put simply - I have nothing but praise for ClaydenLaw. Piers and, in particular, Hannah, were absolutely fantastic. They were so calm and practical - so willing and able - even when they had to wait for us to juggle client needs and to catch up with missed deadlines, or when they were responding to a vast number of emails and questions from us. We really couldn’t have got to 25th May 2018, in a compliant fashion, without their guidance. ClaydenLaw has made a material difference to the way we work and contributed, directly, to Amberjack’s ongoing success. With ClaydenLaw, we know we have a partner who we can trust to deliver practical advice on time and on budget and we look forward to continuing to work with them as GDPR best practice beds in”