How can we help you?

Submit a request
  1. Greenhouse Support
  2. GDPR
  3. Configuration

Delete Candidates' Personal Data

Last Updated On: 
Follow

Note: Managing GDPR functionality can only be performed by a user with Site Admin level permissions.

To comply with GDPR, you can select specific candidate data to be deleted when requested by the candidate or after a candidate has been rejected from all applications, at a time specified by you and your legal team. As is the case with other features that help your offices be GDPR compliant, we advise that you seek legal counsel before configuring the details of this feature.  

In this article, we will cover how to:

 

Activate Delete Candidates' Personal Data Feature for GDPR Compliant Offices

To activate the feature for GDPR compliant offices, click on the Configure tab from your Dashboard and navigate to the GDPR tab from the left-hand panel.

Screen_Shot_2018-04-05_at_12.11.04_PM.png

From the GDPR page, navigate to the Delete Candidates' Personal Data panel and click the toggle button so ON is displayed.

Screen_Shot_2018-04-05_at_12.14.51_PM.png

Any future configurations made to Delete Candidates' Personal Data will be applied to candidates for all GDPR compliant offices.

 

Data to be Deleted

To choose what candidate personal data will be deleted for candidates, click Edit in the Data to be Deleted row.

Screen_Shot_2018-04-05_at_1.35.43_PM.png

Select which candidate data you would like to delete from the subsequent list of candidate personal data.

Note: Any personal data deleted will no longer show up in reports.

When you have finished, click Save to confirm your selections. 

Screen_Shot_2018-04-05_at_1.47.11_PM.png

Note: Selecting Name from the Data to be Deleted panel will anonymize the Candidate throughout the system except from the Candidate's Activity Notes. To remove a Candidate's name from Activity Notes as well, select Activity Notes from Data to be Deleted.

Screen_Shot_2018-06-11_at_12.45.16_PM.png

 

Data Retention Period

After you have selected what candidate personal data should be deleted, you will need to set a timeframe for how long your organization plans to retain that data before deleting it.

To set the retention period for candidate personal data, click Edit in the appropriate row.

Screen_Shot_2018-04-05_at_4.01.47_PM.png

From the subsequent field, input how long (in days) your organization wishes to retain candidate personal data after they have been rejected on all applications.

When you have finished, click Save.

Screen_Shot_2018-04-05_at_4.14.00_PM.png

The data retention timer will start from when a candidate is rejected on all job applications and will be applied retroactively to all rejected candidates. You will receive an email immediately for existing rejected candidates in your system if those candidates exceed the data retention period

For example, if you activate the data retention timer on May 25, 2018 and set the period for 365 days. You will receive an email immediately after activation to delete candidate personal data for any rejected candidates who were rejected on or prior to May 25, 2017

Note: If a rejected candidate is converted into a prospect for a different job or is otherwise being considered for another job, the data retention timer will be deactivated and reset. Likewise, if a job is moved to a non-GDPR compliant office in your organization, the data retention timer for candidate personal data will also be deactivated.

Screen_Shot_2018-04-23_at_1.42.44_PM.png

To manually edit the data retention timer for the individual candidate, click Edit.

Screen_Shot_2018-04-23_at_1.46.46_PM_copy.png

Use the provided field to input a new end date for the data retention timer. When you have finished, click Save

Screen_Shot_2018-04-23_at_1.51.39_PM.png

Note: Altering the data retention timer for a candidate will generate an Activity Feed entry to record the change.

 

Notifications

Since deleting candidate personal data is a destructive process, it is not automated and must be done manually. Once the data retention timer has lapsed for candidates rejected on all job applications someone will be notified that they should manually delete the data. 

To configure the notification to delete candidate personal data, click Edit in the appropriate row.

Screen_Shot_2018-04-06_at_1.26.03_PM.png

From the subsequent fields, select users who should be notified of candidates who need their personal data deleted. Additionally, you can manually add individual or group email addresses by clicking +And/Or Add Email and inputting their email addresses.

Screen_Shot_2018-04-06_at_1.38.24_PM.png

Next, select the time, time zone, and on what day(s) you would like notifications to be sent out. When you have finished, click Save.  

Screen_Shot_2018-04-06_at_1.41.19_PM.png

Recipients will be notified on the day and time selected that the data retention period for certain rejected candidates is over and the candidates' personal data should be deleted.

screen_shot_2018-04-12_at_10.14.35_am.png

 

Delete Individual Candidate's Personal Data

If you have been notified to delete an individual candidate's personal data because:

  • the data retention timer has lapsed on a rejected candidate
  • or you are responding to an individual request to have personal data deleted by the rejected candidate

You can delete pre-selected candidate data by navigating to the rejected candidate's profile (Dashboard>Candidates>Name of Rejected Candidate). 

From a rejected candidate's profile, navigate to the top panel.The data retention timer should be displayed. To delete the candidate's personal data, click Delete Data.

Screen_Shot_2018-04-23_at_1.46.46_PM.png

A dialog box will confirm the pre-selected personal data fields that will be deleted. To continue, click Delete Candidate.

Screen_Shot_2018-04-06_at_3.43.18_PM.png

 

Delete Candidate Personal Data in Bulk

If you need to delete the personal data for multiple candidates because their data retention timer has lapsed, click the Candidates tab on your navigation bar.

From the Candidates page, navigate to the Profile Details tab on the left-hand filter panel. 

Screen_Shot_2018-04-24_at_9.46.46_AM.png

Expand the Profile Details filter pane and filter your list of candidates by Rejected and GDPR data due to be deleted.

Screen_Shot_2018-04-24_at_9.53.11_AM.png

When your list of candidates have been filtered by the appropriate requirements, click Bulk Actions.

Click Select All to choose all candidates on the filtered list. 

Screen_Shot_2018-04-24_at_9.56.59_AM.png

Click Edit Selected (#) and from the subsequent dialog box navigate to the Action header and click Delete Candidates' Personal Data.

Screen_Shot_2018-04-24_at_9.59.30_AM.png

Review all the pre-selected personal data fields that will be deleted for candidates included in the bulk action. When ready, click Delete Data

Screen_Shot_2018-04-24_at_10.03.36_AM.png