

Overview
Workable’s data processing activities are governed by a contract that complies with EU law. We are already compliant with existing data protection laws, and many of these remain the same under GDPR. Like Workable, organisations that come in contact with personal data from EU residents must be compliant with the General Data Protection Regulation (GDPR). The GDPR aims to strengthen people’s rights to privacy and protect their personal data.
Under General Data Protection Regulations organizations should ensure that:
- candidates are aware that their data is processed by your organization
- candidates are informed about your Privacy Policy and their rights
- candidates can request deletion of their data at any time
Ensuring compliance
You can maintain GDPR compliance with the features built in to your Workable account.
To get started and adjust the GDPR settings, visit the Compliance section of the user icon menu.
The GDPR settings apply to jobs based in the EU, Norway and Iceland, where residents are protected under the laws of the General Data Protection regulation (GDPR), as well as to jobs based in Switzerland and Liechtenstein. Jobs in other locations will not be affected.
Candidates understand that when they submit their personal data as part of a job application then their data will be processed (reviewed) as part of the hiring process. The only caveat to this is if you are requesting sensitive information, for example, information about a disability, cultural, genetic or biometric information, information gathered from an EEO survey or a background check. In most cases you must request and record explicit consent to process this information. If a criminal background check is required by law (e.g. for working at a nuclear power facility), no consent is required.
While you may not need to collect explicit consent in all cases, you should always share your recruitment Privacy Notice with candidates. As the data controller of your Workable account, the above responsibilities rest with your organization.
If a candidate contacts you at any stage to delete their data from your files you should carefully verify whether you must comply. Having enabled the GDPR compliance settings on your Workable account, the data will be permanently deleted. You must also inform candidates if you wish to use their data for anything other than the initial purpose outlined.