Since May 25, 2018, the General Data Protection Regulation (GDPR) is in effect, reviewing how the personal data of EU citizens is being collected and shared. With TalentLyft, you can set up your GDPR settings to be 100% GDPR compliant. Here is the link to the official regulation document, published in the Official Journal of the European Union.

To make sure you are fully GDPR compliant, if you are gathering candidate data in the EU, you need to make sure you have enabled your GDPR settings before you publish your first job! This helps you keep track of the candidates whose consent has expired and who need to be deleted/anonymized. This way you are protecting your company and following the rules and regulations that are prescribed for the EU.

To enable and set up your GDPR settings in TalentLyft, the first step is to go to Profile – App settings – Compliance and enable your GDPR settings.

After you have enabled and modified your GDPR settings, familiarize yourself with how these settings are applied to different candidates, depending on how their profiles were added to the system:

Now make sure you are regularly tracking and deleting candidates that should be deleted from your system according to GDPR. The list of people that must be deleted will be generated in the Engage module, and accessed by using the "Needs to be deleted" filter.

The retention period determines how long you want to keep your candidates' data in your database after the position they initially applied for is archived.

Candidates are not obliged to give their consent for your retention period in order to apply. Candidates who don't give you their retention period consent, need to be deleted from your database when the job opening they applied for is archived.

This period defines how long you want to keep candidate's personal data without a valid retention period consent. It is the time that needs to pass without any activity (emails, evaluations, stage movement, etc.) on candidate's timeline.

Please note that this is not applicable to candidates who have a valid retention period consent. Candidates whose retention period has expired or they have not given it in the first place don't have a valid retention period.
​
Normally, candidates without a valid retention period consent are placed on Needs to be deleted list when the job that they applied for is archived. Some jobs (e.g. open applications) might not be archived for a very long time. That is why we have the Inactivity period.

The privacy policy consent is mandatory for candidates in order to apply for a job. Your privacy policy describes what personal data you are going to use and for what purpose.

If you tick this checkbox, your candidates will be asked explicitly to agree with your Privacy policy. If the checkbox is left unticked, they will be informed that by applying for this job they automatically agree to your Privacy policy.

This checkbox is to be used by TalentLyft users with multiple company accounts only. With this, you are asking your candidates to give their consent for you to share their information with your sister companies or subsidiaries.

Candidates must be able to delete their personal data from your database. With TalentLyft, they can do that through the Candidate portal. Tick this checkbox to disable the option for the candidates to delete their personal data themselves and instead, send such requests to the data protection officer email who will delete the candidate's data himself.

Set up is your Privacy policy text that appears when a candidate clicks on the privacy and data processing policy link.
Feel free to use our English and Croatian templates for the GDPR privacy policy.

NOTE: While TalentLyft has consulted with legal professionals both in the creation of this article and for our own product features, we are not a law firm. All information that is used in this article is general information and is not intended as legal advice. Users should take independent legal advice regarding their own data protection policies.