GDPR COMPLIANCE TOOLKIT

⛔️Note: These resources are intended to be used for informational purposes only. We do not provide legal advice. Consult a legal professional if you are unsure of any areas of the GDPR policy.

The key to GDPR compliance is driven mainly through the Engagement Hub which reduces admin for you and gives candidates control over their rights. 

Chapter 1: Tracking Compliance

Chapter 2: Setting up your Candidate Portal for GDPR Compliance

Chapter 3: Inviting Candidates to the Engagement Hub | Getting Consent

Chapter 4: Compliance Reporting

Chapter 5: FAQs

Chapter 1: Tracking Compliance

1.1 Compliance | Candidate Long Summary

Within each candidate’s profile, you will find the Privacy | GDPR section under the Compliance tab. 

Here’s a quick overview of the fields:

1.2 Consent to Keep | Statuses

1.3 Consent to Keep | ATS Column

To get an overview of your candidates and their Consent status, add the ‘Consent to Keep’ column using ‘Custom Columns’. 

1.4 Activities 

Every interaction with your candidate is automatically logged and timestamped in the Activities tab.

Chapter 2: Setting up your Candidate Portal for GDPR Compliance

Engagement Hub Setup > Candidate Portal > Site Legals

2.1 Upload your Terms & Conditions & Privacy Policy

Candidates will be asked to accept these T&C's and Privacy Policy when they provide their information to you via the Engagement Hub by actively selecting the checkbox. 

To enable multiple languages, you will need to add the T&C's and Privacy Policy in the languages that you would like to enable. 

2.2 Turn on GDPR Functionality

To allow candidates to exercise their rights to ‘Withdraw Consent’ and ‘Request to be forgotten’, make sure to toggle the feature on:

Chapter 3: Inviting Candidates to the Engagement Hub | Getting Consent 

3.1 Managing Existing Candidates

The goal here is to get your candidates to register for an account on the hub which gives them access to the following sections and functionalities:

MY PROFILE

Your candidates will be able to update the following information within their profile:

  1. Basic personal information
  2. Preferred job type - perm / contract / temp
  3. Compensation info & expectations
  4. Work experience
  5. Education
  6. Skills

JOB APPLICATIONS

See all the jobs they have applied for including:

  1. Job application status
  2. Consent status
  3. Ability to opt-out or withdraw consent per job

JOB ALERTS

See a list of job alert subscriptions and ability to unsubscribe.

ONBOARDING

This is where your candidates upload the required documents for their jobs. They will be able to see the onboarding documents required of them and track their progress.

Pro tip: You’ll be able to specify the types of documents you’d like your candidates to upload. This can be anything from special compliance documents like audit I-9 and W-4 forms, driver’s licenses or even their dog’s or cat's birth certificate (if you really must), simply add it as an item on the list.

REQUEST TO BE FORGOTTEN

Candidates can request for their data to be deleted simply by clicking and confirming that they would like to be forgotten under Settings.

What happens when a candidate clicks on ‘Request to be forgotten’? 

Your candidates will be presented with the following screen to confirm their decision:

If the candidate decides to proceed with the action, the Job owner and the Candidate owner will receive the following notifications:

  1. Email notification
  2. In-app notification

    3.2 Activities | Requested to be forgotten

A new comment will be logged in the Activities tab including the note that the candidate shared:

The onus is now on you to take the appropriate follow-up actions.

WITHDRAW / GIVE CONSENT

In line with the GDPR, you need consent for every way you process candidate data. Consent needs to be granular meaning it needs to cover the various jobs you will process and use candidate's data. From the jobs applications page on the Candidate portal, candidates can easily withdraw consent per job.

What happens when a candidate clicks on ‘Withdraw consent’?

Your candidates will be presented with the following screen to confirm their decision:

If the candidate decides to proceed with the action, the Job owner and the Candidate owner will receive the following notifications:

  1. Email notification
  2. In-app notification

    3.3 Activities | Consent Withdrawn

A new comment will be logged in the Activities tab including the note that the candidate shared:

The onus is now on you to take the appropriate follow-up actions.

3.4 Email Template #3 | Invite to Engagement Hub

To edit the email template, please go to your Engagement Hub Setup > Email Templates > #3 Invitation to Engagement Hub.

What you put in your email templates is entirely up to you depending on what you think works best for your needs and in compliance with GDPR. Here’s an example of what you can include:

3.5 New Candidates 

For all new candidates, you can setup in the Candidate portal if you want them to create an account first before applying for a job.

Chapter 4: Compliance Reporting

There are 2 out-of-the-box reports you get related to GDPR Compliance:

  1. Consent Type
  2. Consent to Send
  • Get an at-a-glance view of the candidates that have given you consent by month
  • Track compliance levels over time
  • Ability to filter by consultants & locations

Chapter 5: FAQs

How can I get a list of candidates with a specific status and send them an invitation to the Engagement Hub?

You can do this by using the table filters in the ATS. Within the ‘Consent to Keep’ column, you can choose to view candidates with specific statuses. Once you’ve filtered down to your desired view, you can bulk select and send them the ‘Invite to Engagement Hub’ email.

Who receives notifications when there is no candidate or Job owner?

By default, Vincere sends notifications to the Candidate owner(s) and Job owner(s). If there are no specified owners, you can decide the users who will receive these notifications:

Go to Marketplace > Engagement Hub Setup > Candidate Portal > Subscribers for GDPR notifications

What if I’m not using the Engagement Hub? How can I track GDPR Compliance?

You have the option to do this manually. Within the Compliance section of each candidate’s profile, you’re able to manually update the GDPR related fields.

GDPR does not affect me because I do not deal with citizens in the EU. Is there a way I can turn off the functionality on the Engagement Hub?

Yes you can. In the Setup page, navigate to Candidate Portal > Settings. Look for Privacy | GDPR section. Simply toggle the feature off to disable the GDPR-compliance features.

What happens when a candidate applies for a job who is not yet registered on the portal?

There is no longer an ‘Apply Now’ button on the application page. All candidates will be required to register for an account and actively selecting the T&C’s and Privacy Policy before applying for a job.

What happens if candidates apply via Job Boards?

If Candidates apply through a job board, and are not already in Vincere, Vincere will invite them to the portal automatically

For more details about GDPR for recruitment, visit our dedicated GDPR resource pages here: http://vincere.io/gdpr   http://help.vincere.io/gdpr

All details correct at the time of publication | Vincere.io | June 2018

Did this answer your question?