All Collections
Candidate database
GDPR settings and automation
GDPR settings and automation

Set up the GDPR automation flow under Organization Settings

Triin Elias avatar
Written by Triin Elias
Updated over a week ago

Organization Settings

You will find the details for GDPR automation under your Organization Settings. This is available only for Admin user roles.

The Organization Settings โž GDPR tab will list the following options:

Privacy Policy URL

This is used with the GDPR automation flow. When sending out consent renewal requests, it's automatically added to the Candidate view. The candidate must always have the option to read your organization's privacy policy and how you process their data.

Default data processing consent request validity duration

By default, the data processing consent request link is valid for 7 days. This is how long the candidate can open the link from the sent email and accept or decline your request for processing consent.

Dispute months

By default, the dispute period is 12 months. This gives you the right to save candidate data and use them in case of a dispute resolution.

The data processing consent automation

It can be turned on or off. When enabled, Teamdash's GDPR automation helps you acquire, manage, document, and monitor all your candidates' data processing consents. It works like this:

  1. On the second Tuesday of every month, all your candidates without valid data processing consent get a "consent renewal request" email.

  2. 9 days later we purge your database of all candidate's data which we didn't get processing consent for.

A few days before sending out the renewal requests, you get a report - how many and which candidates are going to get renewal messages. You will always have the option to skip a month. The same goes with purging the database, you always get a notification beforehand and an option to skip. You will always have the final say in any actions.

For conformance with the GDPR, please follow these guidelines for the request message. For more information, consult your DPO, Teamdash support, or a lawyer.

  • List all kinds of data you might be processing (e.g. CV, contact info, etc)

  • Inform them that they can immediately decline consent from the link.

  • Inform that ignoring this message is assumed to be a non-consent.

  • Assure that declining this consent will not affect any pending candidacy.

As described here, you can manage your database manually too. When switching on the automation, Teamdash will automatically sort candidates by GDPR statuses matching dispute and invalid and by excluding already contacted candidates:

The above filtering example shows how Teamdash will automatically sort, send consent renewals, and gather profiles to anonymize each month.

Enable permanent delete

By default, candidate profiles are pseudonymized using a one-way cryptographic function. When they re-apply then their history (comments, projects) is restored. If you enable permanent deletion the candidate histories will not be restored.

Did this answer your question?