If your company can not show the candidates why they were not hired, you are doing a very bad job.
Are you discriminating against protected classes?
Are you rude or offensive in your comments?
Then, stop doing it. That will be a very good side-effect of this situation. Public scrutiny works. If a company needs to make public their interview notes, that notes are going to improve quality and abide to law.
> how strong any company will experience their firehose of GDPR requests to be
If you are big enough to have a big influx of GDPR, you need to automate it.
> how easy it is for them to make requests
It needs to be easy. The goal is not to let your company shield behind "sorry it is too complicated to give you the information". You need to give people easy access to their own data.
> wildcard factors
How is this difference of a Denial of service attack on the technical side? On the legal part, there are lawsuits that are going to be more effective than GDPR that starts with recommendations for improvement.
> The candidate gets back a formatted dump by email of all sorts of recruitment data, including interview notes, etc. There are obvious ways to monetise a service like this, hence incentive for someone to do it.
You only get the data about YOUR own interview. You can not hoard data this way. It works the other way around. The data protection is protecting you from the company monetizing this information without your consent. Companies are the ones hoarding YOUR personal data and creating a business around it without YOUR consent.
Your concerns are the main reason GDPR was created.
You sound like you've never had to deal with telling a candidate they weren't chosen for a position. There's a reason rejection letters are usually canned responses - it's not that HR teams are unanimously evil people, it's because any bit of information could open up the potential for a law suit, even if in good spirit. Someone gets a rejection letter saying "they aren't a good fit"...oh well it must be because I have different colored skin, right? It's a slippery slope from there.
...in the US. Probably not anywhere else, unless the hiring company is illegally discriminating.
The real reasons for such policies send to be a combination of:
(1) Regardless of organizational policies, hiring managers will still sometimes use directly prohibited criteria, and some of them will clumsily reveal this (perhaps in ignorance of the prohibition) if they provide explanations. A clear blanket corporate no-explanation policy doesn't prevent the bad acts, but prevents the bad acts that slip through other corporate policies from being announced to victims, and
(2) Hiring criteria that aren't directly prohibited may be prohibited indirectly due to disparate impact. Providing honest explanations for negative decisions makes it possible for people who gain access to the explanations given to multiple candidates to discover disparate impacts, and take action against them, and
(3) People attempting to give honest explanations will sometimes explain things poorly in a way which indicates a prohibited (directly or indirectly) criteria was used, either positively (which might be evidence in other cases)) or negatively.
Sure, you can infer all you want, but I'm talking about whether there is grounds for legal proceedings. There is a higher probability that a defense lawyer would take a case where the rejection letter says "you weren't a good culture fit" vs "you didn't get the job". Companies simply do not want to even open themselves up to litigated, even if they've done nothing wrong. Further, there is no commercial incentive to tell the candidate anything other than "you didn't get the job", so why bother?
> People attempting to give honest explanations will sometimes explain things poorly in a way which indicates a prohibited
That's precisely my point. It's very difficult to explain to someone that they've been rejected for a position even in the most sincere and nicest way possible.