Note: Managing GDPR functionality can only be performed by a user with Site Admin level permissions.
To comply with GDPR, you can select specific candidate data to be deleted when requested by the candidate or after a candidate has been rejected from all applications, at a time specified by you and your legal team. As is the case with other features that help your offices be GDPR compliant, we advise that you seek legal counsel before configuring the details of this feature.
In this article, we will cover how to:
- Activate Feature for GDPR Compliant Offices
- Select what candidate personal data will be deleted
- Configure how long your organization wants to hold onto candidate personal data
- Configure who will be notified when it is time to delete the data
- Delete an individual candidate's personal data
- Delete candidate personal data in bulk
Activate Delete Candidates' Personal Data Feature for GDPR Compliant Offices
To activate the feature for GDPR compliant offices, click on the Configure tab from your Dashboard and navigate to the GDPR tab from the left-hand panel.
From the GDPR page, navigate to the Delete Candidates' Personal Data panel and click the toggle button so ON is displayed.
Any future configurations made to Delete Candidates' Personal Data will be applied to candidates for all GDPR compliant offices.
Data to be Deleted
To choose what candidate personal data will be deleted for candidates, click Edit in the Data to be Deleted row.
Select which candidate data you would like to delete from the subsequent list of candidate personal data.
Note: Any personal data deleted will no longer show up in reports.
When you have finished, click Save to confirm your selections.
Data Retention Period
After you have selected what candidate personal data should be deleted, you will need to set a timeframe for how long your organization plans to retain that data before deleting it.
To set the retention period for candidate personal data, click Edit in the appropriate row.
From the subsequent field, input how long (in days) your organization wishes to retain candidate personal data after they have been rejected on all applications.
When you have finished, click Save.
The data retention timer will start from when a candidate is rejected on all job applications and will be applied retroactively to all rejected candidates. You will receive an email immediately for existing rejected candidates in your system if those candidates exceed the data retention period
For example, if you activate the data retention timer on May 25, 2018 and set the period for 365 days. You will receive an email immediately after activation to delete candidate personal data for any rejected candidates who were rejected on or prior to May 25, 2017.
Note: If a rejected candidate is converted into a prospect for a different job or is otherwise being considered for another job, the data retention timer will be deactivated and reset. Likewise, if a job is moved to a non-GDPR compliant office in your organization, the data retention timer for candidate personal data will also be deactivated.
To manually edit the data retention timer for the individual candidate, click Edit.
Use the provided field to input a new end date for the data retention timer. When you have finished, click Save.
Note: Altering the data retention timer for a candidate will generate an Activity Feed entry to record the change.
Since deleting candidate personal data is a destructive process, it is not automated and must be done manually. Once the data retention timer has lapsed for candidates rejected on all job applications someone will be notified that they should manually delete the data.
To configure the notification to delete candidate personal data, click Edit in the appropriate row.
From the subsequent fields, select users who should be notified of candidates who need their personal data deleted. Additionally, you can manually add individual or group email addresses by clicking +And/Or Add Email and inputting their email addresses.
Next, select the time, time zone, and on what day(s) you would like notifications to be sent out. When you have finished, click Save.
Recipients will be notified on the day and time selected that the data retention period for certain rejected candidates is over and the candidates' personal data should be deleted.
Delete Individual Candidate's Personal Data
If you have been notified to delete an individual candidate's personal data because:
- the data retention timer has lapsed on a rejected candidate
- or you are responding to an individual request to have personal data deleted by the rejected candidate
You can delete pre-selected candidate data by navigating to the rejected candidate's profile (Dashboard>Candidates>Name of Rejected Candidate).
From a rejected candidate's profile, navigate to the top panel.The data retention timer should be displayed. To delete the candidate's personal data, click Delete Data.
A dialogue box will confirm the pre-selected personal data fields that will be deleted. To continue, click Delete Candidate.
Delete Candidate Personal Data in Bulk
If you need to delete the personal data for multiple candidates because their data retention timer has lapsed, click the Candidates tab on your navigation bar.
From the Candidates page, navigate to the Profile Details tab on the left-hand filter panel.
Expand the Profile Details filter pane and filter your list of candidates by Rejected and GDPR data due to be deleted.
When your list of candidates have been filtered by the appropriate requirements, click Bulk Actions.
Click Select All to choose all candidates on the filtered list.
Click Edit Selected (#) and from the subsequent dialogue box navigate to the Action header and click Delete Candidates' Personal Data.
Review all the pre-selected personal data fields that will be deleted for candidates included in the bulk action. When ready, click Delete Data.