We would suggest that you have different privacy policies for different categories of data subject: one for candidates and contractors; one for clients, business contacts and service providers; possibly a separate notice for website visitors; and one for your own employees.
The GDPR sets out what needs to be in these documents but they should be 'living' documents, updated to reflect the changes in your business practices.
They should explain what data you are processing about people, to a granular level. For example:
You also need to detail the legal bases you are using to process data, and any special category conditions you are relying on to process special category information.
Some recruiters will have to process sensitive personal data about DBS checks and criminal records. You might need to take into account any health or disability issues for your screening and accessibility. Both of these would constitute special category data.
Include information about any automated processing you might use for screening CVs.
If you are a global business, or place candidates globally, have you covered transfers of data within the group or outside the EEA?
You also need to let data subjects know what their rights are and how they can complain.
We can provide you with a checklist of what needs to be in your privacy statements if you want to do an audit to check your business's compliance.