This document is intended for informative purposes only. It does not constitute legal advice regarding the GDPR or any other matter, and may not be used or relied on for such purposes.

This guide is part of Comeet’s GDPR compliance options. See the overview here.

The  GDPR provides  candidates with the right to erasure. This means that companies should delete all personally identifiable data if a candidate makes this request and there’s no other legal basis or overriding legitimate grounds for retaining the candidate’s data. (Article 17 – https://gdpr-info.eu/art-17-gdpr/)

What is Pseudonymization?

Pseudonymization is a data removal technique that allows deleting personally identifiable information from the company’s records while allowing:

  • Retention of non-identifying traces of the candidate’s activity for reporting purposes. While Comeet does not retain pseudonymized candidate profiles, the hiring activity, which is associated with those candidates, is retained and included in company reports.
  • Recovery of the candidates history in case the candidate is added again or reapplies. If candidates are added again or reapply their pseudonymized profile may be identified as duplicate based on these values: name, phone, email address and LinkedIn profile URL. It’s up to you to decide whether to merge the pseudonymized profile into the new candidate profile.

By merging the two profiles, all retained information (based on setting preferences) will become accessible, enabling recovery of the candidate’s previous history or experience with your company.

Note: While pseudonymized candidates profiles become inaccessible immediately, candidates data may be stored for up to 60 days for the purpose of disaster recovery.

Set up your pseudonymization policy

  1. Go to Company settings > GDPR (requires Admin or Owner role)
  2. Set Pseudonymization to Enabled When enabled, you’ll have the option to pseudonymize candidates manually from the candidate profile.
  3. Select the fields to be retained or deleted when candidates are pseudonymized. Retained data will only be accessible should the candidate apply or be added again and merged as a duplicate candidate. This data will otherwise be irretrievable , other than for a limited back-up period for disaster recovery purposes.

When to pseudonymize a candidate

You may want to consider pseudonymizing a candidate when:

  • Candidate requests that his/her data will be removed (in which case you may also want to consider their full deletion, not just pseudonymization)
  • Data retention period has ended

Pseudonymize a single candidate

  1. Go to the candidate profile.
  2. Click on GDPR
  3. Select Remove Candidate Profile
  4. Approve

Pseudonymize multiple candidates

  1. Choose multiple candidates in the candidates list (hold Ctrl/Command and select several candidates or select  by checking the Check icon)
  2. Click on GDPR
  3. Select Remove Candidate Profile
  4. Approve

Pseudonymized candidates in reports

Reports include records of pseudonymized candidates. Pseudonymized candidates names are shown as “(candidate removed)” and other details are blank.

Have more questions? Contact us at support@comeet.co

Did this answer your question?