SJ REMOTE SOLUTIONS

What is your AI hiring compliance risk worth?

A 60-second indication of your agency's exposure under ICO automated-decision rules, UK GDPR Article 22 and the Data (Use and Access) Act 2025.

Grounded in law and the public record — not guesswork

This is an indicative check, but it's built on the legislation that actually governs AI in hiring and cross-referenced with live ICO enforcement. We don't invent statistics: every figure is driven by your own inputs, and every case behind it is one you can look up yourself.

UK GDPR Art. 22 Art. 35 — DPIA Art. 15 — SAR Data (Use and Access) Act 2025 ICO enforcement register

Recent ICO action includes a £14.47m fine (Feb 2026) partly for failing to carry out a Data Protection Impact Assessment, and a UK school reprimanded for deploying facial recognition without one — the same Article 35 duty that applies to AI candidate screening. Full sources are shown with your results.

Your agency

Candidates processed per year5,000

How much of your hiring runs through AI / automated tools? (CV screening, ranking, advert targeting, scheduling)

Key client / PSL contracts you can't afford to lose3

Average annual value of one such contract£40k

Your safeguards

Formal data-protection complaints process in place? (required since DUAA, 19 June 2026)

Privacy notice that specifically covers AI / automated decisions?

Meaningful human oversight before any automated hiring decision?

Your indicative exposure

Amber risk

Some safeguards missing — addressable, but live.

Adjust the sliders above to see your risk band move in real time.

🔒

See your estimated exposure figure

Enter your email to unlock your full breakdown and have a copy of your indicative report sent over.

We'll only use this to send your report and, occasionally, relevant compliance updates. No spam, unsubscribe anytime.

Regulatory & remediation£0

Client & PSL loss risk£0

Complaint & SAR handling£0

Estimated annual exposure

£0 – £0

The cost of finding out where you stand:

£995 Essentials Scan · from £850/mo to stay covered

Book your Essentials Scan →

How this is calculated — and the evidence behind it

This is an illustrative model driven entirely by the figures you enter — not a regulatory assessment, and it invents no statistics. Every case named below is real and sits on the ICO's public enforcement register. The model rests on the law that already applies to UK recruitment agencies using automated tools:

Regulatory & remediation. Article 35 UK GDPR requires a Data Protection Impact Assessment before high-risk processing — and automated screening of candidate data at volume is very likely to qualify. The ICO is enforcing this now: Reddit was fined £14,472,500 in February 2026 partly for an Article 35 failure, alongside MediaLab (£247,590) the same month. And in July 2024, a UK school was reprimanded under Article 35(1) for introducing facial-recognition cashless catering without a DPIA — if a school's dinner-hall scanner is in scope, so is AI screening across thousands of candidates. This figure estimates the cost of doing reactively, under pressure, what should have been done up front: a defined block of specialist remediation work plus a DPIA, scaled by your AI use and missing safeguards. The ICO's maximum penalty is £17.5m or 4% of turnover.

Client & PSL loss risk. Large employers increasingly run data-protection due diligence on suppliers — DPAs and audit clauses written into PSL frameworks. This estimates the expected value of losing one key contract if a client's audit surfaced an unaddressed gap: contract value × an estimated probability, capped at 30% so the model never overstates.

Complaint & SAR handling. Under Article 15 UK GDPR, any rejected candidate can request all data held about them — including an AI-generated score or ranking — within a statutory one-month deadline; Article 22 gives them the right to contest a solely-automated decision and obtain human review. The ICO pursues subject-access failures relentlessly — multiple recent enforcement actions across police forces, councils and NHS trusts, including the personal prosecution of a company director for refusing one. Since the Data (Use and Access) Act 2025 complaints process came into force on 19 June 2026, a formal handling route is also mandatory. This figure estimates the staff time that volume consumes when no process exists.

We'd rather show our working than impress you with numbers we can't stand behind. Every coefficient above is a stated assumption you can see and challenge — and every case is one you can look up.

This is an indicative, illustrative estimate generated from the figures you enter — not legal or financial advice, and not a regulatory assessment. Actual exposure depends on your specific processing, contracts and circumstances. SJ Remote Solutions can give you a precise picture. © SJ Remote Solutions.