Managing GDPR Compliance Features

PeopleFluent Recruiting's GDPR functionality is enabled globally for your company and then applied individually to positions and candidate pools, regardless of their geographic region, for maximum flexibility.

When creating positions based in the EU, GDPR functionality will default to "on" if it is enabled on the company level.

We provide many features to make it easier for you to stay compliant.

You can learn more about these features in the following areas which are defined in GDPR:

Candidate Consent Find out how to require consent for different types of candidates.

Candidate Right to Access Candidates have a right to their personal information. Find out how to provide upon request.

Candidate's Right to Erasure Candidates have a right to delete their personal data. Find out how to comply upon request.

Privacy Notice Informs candidates of how their personal data will be used and stored.

Enabling the GDPR Feature

  1. Click the gear ⚙️ in the left sidebar.
  2. Click Company Settings.
  3. On the General page, scroll to the GDPR Compliance section.
  4. Set the GDPR Features field to Enabled.

Automating Candidate Consent

You have the option to automatically request candidate consent based on how the candidate enters the system.

  1. In the GDPR Compliance section of the General page, click the gear  to the left of the Enabled button.
  2. In the Requiring Consent section, enable or disable automatic consent for each candidate type.
Screen Shot 2018-05-15 at 12.13.28 PM.png
 

When automated consent is enabled for Applying Candidates, the required consent fields will be added to the application form, both on your organization's career site and through integrated job boards.  You can manage the variables included in the consent.  Click the gear  to the left of the Enabled button and select the appropriate variables from the available options. When you have completed your changes, click the Update button.

 

When automated consent is enabled for Referred Candidates, Sourced Candidates or Recruited Candidates, and email will be sent to the candidate describing your use of their information.  The email can be customized.  Click the gear  to the left of the Enabled button for each candidate type.  You can customize the title, verbiage and the variables included in the email.

Automatic Renewal of Consent

By default, candidate consent lasts for two years. This period can be changed, and you have the ability to automatically email candidates requesting consent renewal 28 days before consent expires.   

  1. In the GDPR Compliance section of the General page, click the gear  to the left of the Enabled button.
  2. Scroll to the Expiring Candidates section and take one of both of the following actions:
  • To change the expire period, select a value from the Candidate Consent Period drop-down field.
  • To enable or disable auto-renew emails, select the appropriate option in the Auto-Renew Candidate Consent field.

Automatically Removing Expired Candidates

You can automatically remove candidates when their consent has expired. When this feature is enabled, candidates will be automatically removed on the Sunday, 14 days following their consent expiration. 

  1. In the GDPR Compliance section of the General page, click the gear  to the left of the Enabled button.
  2. Scroll to the Expiring Candidates section.
  3. Enable or disable automatic removal by clicking the appropriate option in the Auto-Remove Expired Candidates field.

Managing the Privacy Notice

Your GDPR privacy notice is related to recruitment, as opposed to a more general company privacy policy. It's designed to describe how and why you are requesting or gathering candidate information. It should be easy for all candidates to understand, rather than a complex legal document. The privacy notice displays to candidates on the Candidate Consent page.

Your Privacy Notice should include the following details:

  • How long your organization intends to store the candidate data. If it's not possible to provide an exact length of time, then explain the criteria used to determine that period.
  • How candidates can withdraw their consent to the processing of their personal data.
  • How candidates can request corrections or access to their data, or ask for it to be deleted from your system.
  • Who candidates should contact should they want to lodge a complaint regarding the processing of their personal data.

The privacy notice can be customized.

  1. In the GDPR Compliance section of the General page, click the gear  to the left of the Enabled button.
  2. Scroll to the Privacy Notice section.
  3. Click the gear  in the Recruiting Privacy Notice field.
  4. You can customize the title, verbiage and variables of the notice.  When you have completed your changes click the Update button.

Disclaimer

While PeopleFluent Recruiting has worked to provide you with the best and most relevant information in regards to the European Union General Data Protection Regulation, we highly suggest that you do some research of your own and seek legal advice to ensure you are complying in the best interest of your organization.

Powered by PeopleFluent