The features outlined here are available on every Workable account and are designed to help you stay in compliance with GDPR. More advanced GDPR features and automations are available for certain plans. See more about Workable's approach to GDPR.
With the standard features you can:
- Activate candidates' right to erasure
- Include privacy policy in emails or job description
- Delete candidates when necessary
Candidates’ right to erasure
The first step towards GDPR compliance is to include an option for candidates to withdraw from the application process and delete their data automatically.
To begin:
- Click on your user icon in the upper right of Workable, then go to Settings > Compliance.
- Locate the GDPR section.
- Enable the right to erasure switch.
With this option enabled, the application confirmation email that a candidate receives automatically after applying will include an option for them to withdraw from the application process and delete their data.
This is what the candidates receive:
Furthermore, activating the 'right to erasure’ means that the candidates and account members can permanently delete their data from an individual job or your full Workable account (all active and archived jobs, and the Talent Pool). Also, Workable account members can permanently delete candidates' data from Workable if they are requested to do so.
Standard Privacy Notice setup
A link to your Privacy Notice should be shared with every candidate in your Workable account. You’ll need to create and host your own Privacy Notice and ideally, it will be related to recruitment only, instead of a more general company privacy policy. This will further increase transparency, enabling the candidate to quickly see relevant information which could be missed in a longer, more general policy.
In any case, the Privacy Notice should include details of:
- How long your organization intends to store the candidate data; if it’s not possible to provide an exact length of time, then explain the criteria used to determine that period
- How candidates can withdraw their consent to the processing of their personal data
- How candidates can request corrections or access to their data, or ask for it to be deleted from your system
- Who candidates should contact should they want to lodge a complaint regarding the processing of their personal data Share your Privacy Notice with the candidates via email.
As part of your process, we recommend to use Workable to create an email template that can be used to contact sourced or passive candidates with a consistent approach.
You can rely on emails to notify candidates about your Privacy Policy. Create an email template to notify your candidates about your company’s Privacy Policy and also include a link to your Privacy Policy in your job’s description. Another alternative is to use a link for your company’s Privacy Policy to your email signature.