Skip to main content
All CollectionsManage candidatesDeleting candidates
GDPR - Deleting Candidates (Anonymize)
GDPR - Deleting Candidates (Anonymize)

Learn how to easily delete all candidates that you are not allowed to keep in your system according to GDPR.

Updated over 3 months ago

Deleting candidates' personal data in TalentLyft, to be compliant with GDPR is called Anonymization. By anonymizing candidates instead of just deleting them, you are keeping your analytics data. This means that anonymized candidates will still appear (as a number only) in your analytics, while the deleted ones won't. This enables you to generate accurate reports even if candidates had to be deleted due to GDPR.

Before you start anonymizing candidates, make sure you have set up your GDPR compliance settings. When the GDPR compliance feature is enabled in your system, you can begin anonymizing the candidates whose personal data you must delete to stay compliant with GDPR.

TalentLyft will never delete or anonymize candidates automatically. We want to leave the final decision to you. However, TalentLyft will make it as easy as possible for you to do it. The system does that by considering your GDPR compliance settings and placing all candidates who match the anonymization conditions on the Needs to be deleted list.

All you need to do is define a recurring period (once a day, once a week, or once a month) and anonymize all candidates on the Needs to be deleted list periodically according to the instructions below.

Generating the Needs to be deleted list

First of all, you should understand how the list is being generated. The following situations that will result in candidates being placed on the Needs to be deleted list:

  • Candidate's retention period consent has expired;

  • The candidate didn't give you the retention period consent, and the job they applied for is archived;

  • The candidate didn't give you the retention period consent, and the job they applied for is still active, but the inactivity period has expired.

If you want to get into the logic behind this a bit more, you can take a look at this article.
​

Accessing the Needs to be deleted list

To access the Needs to be deleted list, go to Candidates – Candidates sub-tab and click on Add Filter to Query.

From the list of available filters, scroll to the GDPR filters section, select the Needs to be deleted filter, and select the is true operator.

The list of all candidates that need to be deleted/anonymized is now in front of you.


Anonymizing the candidates

You can now select all candidates on the list by ticking the checkbox in the upper left corner of the list. When the candidates are selected, click on the three dots in the upper-right section of the screen and select the Anonymize option. The system will ask you if you are sure that you want to do this, and when you click Yes, candidates will be anonymized.

Be careful with this operation because anonymization is irreversible. To stay compliant on our end, we need to delete the candidates from our database immediately when you request so. That means that if you anonymize candidates by mistake, not even we will be able to get them back.
​

Sourced and imported candidates

Sourced candidates and the ones imported from a legacy ATS are a special case. They will not appear on the Needs to be deleted list immediately, even though you don't have their Data policy and Retention period consents. This is because, in such cases, legitimate interest is the basis for you to use their personal data. These candidates will be placed on the Needs to be deleted list when:

  • The job they applied for is archived or

  • The inactivity period has expired.

GDPR states that you can use someone's personal data if you have a legitimate interest. In this case, your legitimate interest is your intention to hire the person. However, because legitimate interest is not strictly defined, we should avoid relying on it as a basis for personal data usage and retention. When you add candidates to your TalentLyft account, you should immediately ask them to give you their Privacy policy and Retention period consents according to the instructions in this article.

Did this answer your question?