There are two legal bases that an organization can choose between in order to retain candidate data in Greenhouse Recruiting: Legitimate interest or Explicit consent.
In this article, we will provide a brief overview of each legal basis and how each basis impacts the configuration of Greenhouse Recruiting's GDPR features.
Note: Please seek the advice of your legal counsel to determine which legal basis your organization uses to retain candidate data for recruiting purposes.
Legitimate interest
According to Art. 6(1)(f) of Regulation (EU) 2016/679 (General Data Protection Regulation), organizations can claim that collecting and evaluating candidate data is a legitimate interest as it pertains to selecting a candidate for employment.
By default, Greenhouse Recruiting is configured to support legitimate interest as the legal basis.
Explicit consent
According to Art. 6(1)(a) of Regulation (EU) 2016/679 (General Data Protection Regulation), if organizations have no provision for legitimate interest, they can retain candidate data if the data subject (i.e., candidate) provides explicit consent to have their data retained and processed.
Organizations who wish to use explicit consent as a legal basis will need to manually select it from the GDPR configuration page in Greenhouse Recruiting.