Top

GDPR and candidates' right to erasure

Follow

To begin, click on your user icon in the upper right of Workable and navigate to Compliance.

compliance_.png

Locate the GDPR section. The first option you’ll see will vary based on the Workable plan you subscribe to. In any case, flip this switch to ON and it will enable candidates’ right to erasure.

  • Pay As You Go plan: “Right to erasure”
  • Annual plan: “GDPR features”

gdprswitch.png

Important: This action does not automatically make you GDPR compliant.

Activating ‘the Right to erasure’ means that:

  • Candidates can permanently delete their data from an individual job or your full Workable account (all active and archived jobs, and the Talent Pool)
  • Workable account members can permanently delete a candidate’s data from Workable

With this option enabled, the application confirmation email – which a candidate receives automatically after applying – will include an option for the candidate to withdraw from the application process and delete their data. This right to erasure is a requirement under GDPR.

withdraw_application_link.png

After selecting Withdraw this application the candidate can withdraw from consideration to be removed from the hiring process, or choose to have their data deleted entirely.

delete_data.png

The candidate must confirm the deletion after clicking this link.

If a candidate deletes their own data you will not be able to source (upload) them to your account in the future through any method (e.g. job mailbox, file upload, People Search). This is to prevent you and your team from accidentally uploading and contacting candidates who have explicitly asked to have their data deleted. However, they will be able to reapply to your jobs if they choose to. 

withdrawn_candidate_notification.png

Additionally, if you delete the candidate yourself (or if they are deleted as part of the GDPR automation) they are permanently deleted from your account and will not be recoverable. This deletion removes all candidate information including resume, contact details, and their Workable Timeline. You may need to do this manually as part of your data retention policy.

Ensure that you click Save Changes at the bottom of the GDPR section when you've enabled the switch. As part of the Workable Annual plan, you'll also need to set up a Privacy Notice before saving your changes.

Enabling this switch is an important step towards compliance, but there will be other actions or processes that your organization should put in place.