This article aims to identify good practices, risks and irregularities in the processing of job candidates’ personal data during employee recruitment, and to develop principles for verifying that this process functions correctly, as a tool supporting the audit task. The recruitment process, and the staff turnover associated with it, is one of the key areas in which the employer should ensure the organizational and legal security of the personal data it processes; this undeniably affects the employer’s professionalism and how it is perceived by external customers, such as job candidates. The uniform legality of this process is shaped by both national labor laws and EU regulations. The key principles for ensuring that processed data comply with the requirements of labor laws in the recruitment process are data minimization and storage limitation, together with the processing of job candidates’ personal data only by persons authorized by the employer who have committed themselves to the principles of confidentiality and impartiality. This is also related to the fulfilment of the controller’s information obligations toward job candidates, and to how those obligations correlate with the actual processing of personal data by the controller and its authorized personnel.