GDPR COMPLIANCE TOOLKIT
⛔️ Note: These resources are intended to be used for informational purposes only. We do not provide legal advice. Consult a legal professional if you are unsure of any areas of the GDPR policy.
The key to GDPR compliance is driven mainly through the Engagement Hub, which reduces admin for you and gives candidates control over their rights.
Click on the link ⏬ to skip to the section you're interested in:
Chapter 1: Tracking Compliance
1.1 Compliance | Candidate Long Summary
Within each candidate’s profile, you will find the Privacy | GDPR section under the Compliance tab.
Here’s a quick overview of the fields:
1.2 Consent to Keep | Statuses
1.3 Consent to Keep | ATS Column
To get an overview of your candidates and their Consent status, add the ‘Consent to Keep’ column using ‘Custom Columns’.
1.4 Activities
Every interaction with your candidate is automatically logged and timestamped in the Activities tab.
Chapter 2: Setting up your Candidate Portal for GDPR Compliance
Please follow the steps below:
Head to Settings, click on Marketplace.
Look for Engagement Hub and click on Engagement Hub Setup.
Go to the Candidate Portal, and click on Site Legals.
2.1 Upload your Terms & Conditions & Privacy Policy
Candidates will be asked to accept these T&C's and Privacy Policy when they provide their information to you via the Engagement Hub by actively selecting the checkbox.
To enable multiple languages, you will need to add the T&C's and Privacy Policy in the languages that you would like to enable.
2.2 Turn on GDPR Functionality
To allow candidates to exercise their rights to ‘Withdraw Consent’ and ‘Request to be forgotten’, make sure to toggle the feature on:
Chapter 3: Inviting Candidates to the Engagement Hub | Getting Consent
3.1 Managing Existing Candidates
The goal here is to get your candidates to register for an account on the hub, which gives them access to the following sections and functionalities:
MY PROFILE
Your candidates will be able to update the following information within their profiles:
Basic personal information.
Preferred job type - perm/contract/temp.
Compensation info & expectations.
Work experience.
Education.
Skills.
JOB APPLICATIONS
See all the jobs they have applied for, including:
Job application status
Consent status
Ability to opt-out or withdraw consent per job
JOB ALERTS
See a list of job alert subscriptions and ability to unsubscribe.
ONBOARDING
This is where your candidates upload the required documents for their jobs. They will be able to see the onboarding documents required of them and track their progress.
Pro tip:
You’ll be able to specify the types of documents you’d like your candidates to upload. This can be anything from special compliance documents like audit I-9 and W-4 forms, driver’s licenses, or even their dog’s or cat's birth certificate (if you really must), simply add it as an item on the list.
REQUEST TO BE FORGOTTEN
Candidates can request for their data to be deleted simply by clicking and confirming that they would like to be forgotten under Settings.
What happens when a candidate clicks on ‘Request to be forgotten’?
Your candidates will be presented with the following screen to confirm their decision:
If the candidate decides to proceed with the action, the Job owner and the Candidate owner will receive the following notifications:
Email notification
In-app notification
3.2 Activities | Requested to be forgotten
A new comment will be logged in the Activities tab including the note that the candidate shared:
The onus is now on you to take the appropriate follow-up actions.
WITHDRAW / GIVE CONSENT
In line with the GDPR, you need consent for every way you process candidate data. Consent needs to be granular meaning it needs to cover the various jobs you will process and use candidate's data. From the jobs applications page on the Candidate portal, candidates can easily withdraw consent per job.
What happens when a candidate clicks on ‘Withdraw consent’?
Your candidates will be presented with the following screen to confirm their decision:
If the candidate decides to proceed with the action, the Job owner and the Candidate owner will receive the following notifications:
Email notification
In-app notification
3.3 Activities | Consent Withdrawn
A new comment will be logged in the Activities tab, including the note that the candidate shared:
The onus is now on you to take the appropriate follow-up actions.
3.4 Email Template #3 | Invite to Engagement Hub
To edit the email template, please follow the steps below:
Go to your Engagement Hub Setup.
Click on Email Templates, then click on #3 Invitation to Engagement Hub.
What you put in your email templates is entirely up to you, depending on what you think works best for your needs and in compliance with GDPR. Here’s an example of what you can include:
3.5 New Candidates
For all new candidates, you can setup in the Candidate portal if you want them to create an account first before applying for a job.
Chapter 4: Compliance Reporting
There are 2 out-of-the-box reports you get related to GDPR Compliance:
Consent Type
Consent to Send
Get an at-a-glance view of the candidates that have given you consent by month
Track compliance levels over time
Ability to filter by consultants & locations
Chapter 5: FAQs
Q1: How can I get a list of candidates with a specific status and send them an invitation to the Engagement Hub?
Answer: You can do this by using the table filters in the ATS. Within the ‘Consent to Keep’ column, you can choose to view candidates with specific statuses. Once you’ve filtered down to your desired view, you can bulk select and send them the ‘Invite to Engagement Hub’ email.
Q2: Who receives notifications when there is no candidate or Job owner?
Answer: By default, Vincere sends notifications to the Candidate owner(s) and Job owner(s). If there are no specified owners, you can decide the users who will receive these notifications:
Go to Marketplace, click on Engagement Hub Setup.
Click on Candidate Portal and go to Subscribers for GDPR notifications.
Q3: What if I’m not using the Engagement Hub? How can I track GDPR Compliance?
Answer: You have the option to do this manually. Within the Compliance section of each candidate’s profile, you’re able to manually update the GDPR related fields.
Q4: GDPR does not affect me because I do not deal with citizens in the EU. Is there a way I can turn off the functionality on the Engagement Hub?
Answer: Yes you can. In the Setup page, navigate to Candidate Portal and click on Settings. Look for the Privacy | GDPR section. Simply toggle the feature off to disable the GDPR-compliance features.
Q5: What happens when a candidate applies for a job who is not yet registered on the portal?
Answer: There is no longer an ‘Apply Now’ button on the application page. All candidates will be required to register for an account and actively select the T&C’s and Privacy Policy before applying for a job.
Q6: What happens if candidates apply via Job Boards?
Answer: When candidates’ information is added to Vincere (e.g., through applications or manual entry), the system can automatically invite them to the portal to manage their consent preferences.
For more details about GDPR for recruitment, visit our dedicated GDPR resource pages here: http://vincere.io/gdpr http://help.vincere.io/gdpr.
Q7: Can I Automatically Import Candidates from LinkedIn Job Slots into Vincere?
Answer: At this time, Vincere does not have a direct integration with LinkedIn job slots to automatically import applications into the ATS.However, Vincere integrates with job posting aggregators such as BroadBean and LogicMelon.
These platforms can post your Vincere jobs to LinkedIn and parse the applications back into Vincere as a third-party bridge.
If you’d like to publish your jobs on LinkedIn and have applications flow back into Vincere automatically, we recommend using one of these aggregator integrations.
For more details informations, please refer to Posting Jobs via BroadBean and Posting Jobs via LogicMelon.
💡 Tip: If you just want to source profiles directly from LinkedIn (rather than receive job applications), try the Velocity Chrome extension, which lets you import candidate profiles from LinkedIn, Xing, or GitHub straight into Vincere.
All details correct at the time of publication | Vincere.io | June 2018