Greenhouse Recruiting allows for configuring one of two legal bases to retain candidate data in your account. You can edit your preferred legal basis at any time. We recommend consulting with your internal legal team to determine the best configuration for your organization.
Edit legal basis
To edit the legal basis for your organization's GDPR configuration, click Configure on your navigation bar, then select Privacy & Compliance on the left.
Click Configure beside General Data Protection Regulation (GDPR).
Navigate to the Legal Basis panel and click Configure.
Click the button to the left of either Legitimate Interest or Explicit Consent and click Save when finished.
A dialog box will ask you to confirm the change. Click Change Legal Basis.
Impact of explicit consent on GDPR configuration
When Explicit Consent is used as the legal basis for your organization's GDPR configuration, a question that requests consent will be automatically appended to existing and new job posts for offices with a data retention rule.
Additionally, an email requesting permission to collect, store, and process candidate data will be automatically sent to anyone under a data retention rule that does not enter approve or deny consent through their job post application.
You can also manually request consent from any pre-existing candidate and / or prospect who has yet to provide consent to have their data collected, stored, and processed. Check out the links below to learn more:
Impact of legitimate interest on GDPR configuration
When legitimate interest is used as the legal basis for your organization's GDPR configuration, you'll lose Greenhouse Recruiting's built-in consent request functionality.
Since collecting consent is not the legal basis of your GDPR configuration, your organization can customize organizational data collection email rules and email templates to automatically email a GDPR notification to candidates and / or prospects who entered your system without having applied to a job post.