This document is intended for informative purposes only. It does not constitute legal advice regarding the GDPR or any other matter, and may not be used or relied on for such purposes.
The General Data Protection Regulation (GDPR) has been a huge change in digital privacy protection rights and obligations. It significantly expands the privacy rights of European Union residents while imposing many new obligations on organizations that manage personal data of European Union residents.
This document is an overview of the functionality Comeet offers and suggested next steps to help your conformance with the GDPR.
Note: Please note that this document is intended for informative purposes only. It does not constitute legal advice regarding the GDPR, and may not be relied on as legal advice.
See How Comeet Makes GDPR Compliance Easier
Important Concepts and Compliance Tools
- Data subject – You must decide whether you wish to have GDPR protections apply to all positions or only to positions in the EU. Learn more
- Consent request – Comeet makes it easy to request candidate consent if you decide to do so. Request consent when candidates apply on your careers page or email consent requests to them. Candidates can subsequently withdraw their consent at any time. Learn more
- Data removal (Pseudonymization) – Pseudonymization removes identifying information while keeping traces for reporting purposes. If a candidate is subsequently added or subsequently applies, their activity log can be restored. Learn more
- Personal data delivery – Comeet enables you to easily send candidates their personal data if requested. You can specify in your GDPR settings which information will be sent. Learn more
Your Next Steps
To prepare for complying with the GDPR, please consider the following next steps:
1. Consult your legal resource
Consult your legal resource on how to leverage Comeet’s configuration options to best meet your GDPR obligations.
2. Define data subject scope
Define in your GDPR settings whether GDPR protections will apply to all positions or only to positions in the EU. Learn more
3. Choose data retention period
- Retention time clocked from when a candidate applies or is added to the database
- Retention time clocked since the last activity taken with the candidate
- Retention time clocked since the candidate consented to an additional retention period (should you choose to request consent)
4. Review email templates
Review your rejection email templates and delete any statements regarding retaining candidate data. To modify email templates in Comeet, click More > Restore system template. Revise as needed.
- The identity and contact details of the company (and contact details for the company’s data protection officer, where applicable).
- The steps candidates need to take to exercise their EU rights to access, correct and erase their data, and how they should contact you to exercise those rights.
- How candidates can contact you to understand the source from which their data was obtained and then uploaded to Comeet.
- The existence of automated decision making regarding the candidate, and meaningful information about the logic used and consequences for the candidate.
- How you treat information about candidates who are minors.
8. Request consent
If you wish to do so, Comeet allows you to automate the consent request process:
- Enable the Request Consent option in your GDPR settings. Once enabled, candidates will be able to provide consent when applying on your careers website.
- Review and revise the email templates to request consent.
- Enable the email templates by setting the sending option to Send Automatically.
9. Enable data removal (pseudonymization)
If you decide to use the pseydonymization option, enable it in your GDPR settings and define which data should be deleted or retained.
10. Choose personal information to to be delivered
In your GDPR settings, specify the information that will be sent to candidates if they request a copy of their personal data. Learn more
11. Automate data removal
Note: If you decide to request consent, do not activate data removal immediately as you may want to give candidates time to respond before automating data removal.
Comeet can automate removal of candidates’ data when the retention period ends. To enable automatic data removal, decide what Comeet should do when the data retention period ends. Under Data Retention, select whether to delete or pseudonymize candidates automatically. Learn more
Have more questions? Contact us at email@example.com