GDPR questions and answers

Can we require a candidate to take a personality test?

ANSWER

Such activities may lead to the collection of special category personal data. Some tests may reveal not only information about candidates' traits that are desirable for a given job position — e.g. by determining the candidate's personality type, the way they make decisions, their approach to requirements placed on them, specific problems and tasks, openness to development and new ideas, interaction with people — but also strictly personal information to which the employer should not have access.

The President of the Personal Data Protection Office has not yet spoken directly on the use of personality tests by employers. However, guidance may be found in the UODO Guide on personal data protection in the workplace. In the Guide, in answer to the question "Can an employer process special categories of data of a person applying for a job?", UODO raises, among other things, the issue of the qualification procedure for a candidate for service in the Police. Under Article 25(2) of the Police Act of 6 April 1990, admission of a candidate to Police service takes place after a qualification procedure aimed at establishing whether the candidate meets the conditions for admission to Police service and determining their predisposition to perform that service. From the answer contained in the Guide, it can therefore be inferred that psychological/personality tests that may reveal special category data, such as health data, should be regarded as mandatory only when specific provisions impose on the employer an obligation to verify certain traits/predispositions of the candidate.

Summarising the above considerations, we would recommend that employers exercise considerable caution in using personality tests that may lead to the employer obtaining special category data in the recruitment process, as it is employers, as controllers, who bear the risk associated with breach of personal data protection principles.

Where a test is a source of only "ordinary" data and the employer needs to conduct it because of the characteristics of a specific position, this is not problematic. The legal basis for processing the data may be either the legitimate interests of the controller or the consent of the data subject.

Personality tests in recruitment — GDPR | ODO 24