Top

GDPR and candidates' right to erasure

Follow

To begin, click on your user icon in the upper right of Workable and navigate to Compliance.

compliance_section.png

Locate the GDPR section. The first option you’ll see will vary based on the Workable plan you subscribe to. In any case, this switch will enable candidates’ right to erasure.

  • Starter or Pay As You Go plan: “Right to erasure”
  • Pro or Enterprise plan: “GDPR features”

pro_gdpr_features_switch.png

Flip the switch to ON

This action does not automatically make you GDPR compliant.

Activating ‘the Right to erasure’ means that:

  • Candidates can permanently delete their data from an individual job or your full Workable account (all active and archived jobs, and the Talent Pool)
  • Workable account members can permanently delete a candidate’s data from Workable

With this option enabled, the application confirmation email – which a candidate receives automatically after applying – will include an option for the candidate to withdraw from the application process and delete their data. This right to erasure is a requirement under GDPR.

withdraw_application_link.png

After selecting Withdraw this application the candidate can withdraw from consideration to be removed from the hiring process, or choose to have their data deleted entirely.

delete_data.png

The candidate must confirm deletion after clicking this link.

If a candidate deletes their own data you will not be able to source (upload) them to your account in the future through any method (e.g. job mailbox, file upload, People Search). This is to prevent you and your team from accidentally uploading and contacting candidates who have explicitly asked to have their data deleted.

withdrawn_candidate_notification.png

Additionally, if you delete the candidate yourself (or if they are deleted as part of a Workable Pro GDPR automation) they are permanently deleted from your account and will not be recoverable. This deletion removes all candidate information including resume, contact details and their Workable Timeline. You may need to do this manually as part of your data retention policy.

Ensure that you click Save changes at the bottom of the GDPR section when you've enabled the switch. As part of a Workable Pro plan you'll also need to set up a Privacy Notice before saving your changes.

Enabling this switch is an important step towards compliance, but there will be other actions or processes that your organization should put in place.