Single purpose consent is one of the features Greenhouse Recruiting provides to help you achieve GDPR compliance.
About single purpose consent
Under traditional data consent rules, when a candidate provides consent, that permission is applied to a broader range of potential uses.
However, Recital 32 of GDPR states, "When the processing has multiple purposes, consent should be given for all of them" and recommends that these broad rules be updated to "single purpose" - or, smaller statements of permission that cover a single action.
Check single purpose consent status in Greenhouse Recruiting
Single purpose consent information is configured in the Privacy & Compliance section of the Configure page.
You'll know single purpose consent is enabled when the Legal Basis section of your GDPR page includes two options: consent to process and consent to retain.
Enable single purpose consent
If you are a brand-new Greenhouse customer or or are setting up GDPR settings for the first time, single purpose consent is enabled by default.
If your organization enabled GDPR on or before July 10, 2023, you'll be prompted to enable single purpose consent and move over to the new system.
When you enable single purpose consent, you'll have to select the legal basis for each type of consent.
In traditional data consent rules, your organization would choose one policy (legitimate interest or explicit consent) for the entire organization. However, since single purpose consent further breaks down the candidate's data preferences, you will end up with one of four combinations.
Continue on this page to finish your setup.
If you decide to change from "legitimate interest" to "explicit consent" during your setup, all active candidates (including those manually added to Greenhouse Recruiting) will be marked as "consent required" and a banner will appear on their profile. These candidates can be sent an email from their candidate profile and will have 30 days to update their consent with the new settings.
If a candidate does not provide consent within 30 days, their data will be queued for deletion. After 30 days, you also will not be able to resend the consent email.
Frequently Asked Questions (FAQs)
Which legal basis combination should I use?
We encourage you to consult your legal counsel about how GDPR affects your organization.
What does the candidate experience look like for each legal basis combination?
The way candidates give consent to data processing and data retention depends on which legal basis combination you choose. Learn more about legal basis combinations.
How is candidate data managed with each legal basis combination?
The handling of candidate data depends on which legal basis combination you choose. Learn more about legal basis combinations.
Is consent text configurable?