Recruiting GDPR Enhancements

Prior to these enhancements, gaps in data deletion and anonymization events caused certain candidates to remain in the system indefinitely without being anonymized or deleted.

These enhancements help ensure that customers are able to comply with data privacy legal regulations and company policies. It also helps align the true system functionality with the Global Data Protection Regulation (GDPR) configuration in the user interface (UI).

As part of the April '21 release, the following enhancements are made to assist with Global Data Protection Regulation (GDPR) compliance:

    Former employees who log in to a career site before their employee record is anonymized, will remain eligible for anonymization and data deletion.

    Prior to this enhancement, former employees that logged into a career site were never anonymized because they were indefinitely defined as external candidates with a hired application.

    With this enhancement, former employees are subject to anonymization as expected.

    Scenario A: If a former employee logs into a career site without applying to a job, they will remain subject to Core user anonymization and/or Core application deletion retention periods. This potentially includes, respectively:

    • Anonymization of the user record
    • Deletion of the application used to apply to the job for which they were hired

    Scenario B: If a former employee logs into a career site and applies to a job, the user will not be anonymized until any open applications are closed, either via disposition or hiring. Once these applications are closed, the Application Data Deletion feature will delete these subsequent job applications in accordance to retention rules.

    Subsequently, the user is once again subject to the Core anonymization retention period for former employees as described in Scenario A.

    Anonymize subsequent "optional" resumes with New Submissions anonymization enabled. With this enhancement, all resumes for applicants in a New Submission status will be anonymized correctly in Manage Candidates when the Anonymize personal applicant data for New Submissions preference is enabled in Compliance Enablement Preferences. For example:

    1. Candidate applies to Requisition A, which requires a resume attachment.
    2. The same candidate applies to Requisition B, for which a resume attachment is optional. The candidate does not attach a resume document when they apply to Requisition B.
    3. The resume used in Requisition A is automatically used when viewing Requisition B in Manage Candidates.
    4. Prior to this enhancement, the resume for Requisition A would be anonymized in Manage Candidates, but the resume for Requisition B would not have been anonymized.
    5. After this enhancement, the resume for both requisitions would be anonymized.

Use Case

  1. A retail company hires temporary seasonal employees during holiday periods.
  2. When hired, a user record is created in the portal for each seasonal employee.
  3. The company terminates the temporary workers at the end of the season.
  4. The company has employee data retention periods set to 365 days, meaning the temporary employees would be anonymized after termination in accordance with the Core GDPR anonymization feature.
  5. A seasonal employee plans to return the next season. She applies to the job for the next season, but is not hired.
  6. Her applications are eligible for deletion in accordance with the Application Data Deletion retention period.
  7. Upon application deletion by the Application Data Deletion feature, the former employee’s user record is eligible for anonymization in accordance with the Core GDPR anonymization feature.


Upon implementation of this enhancement, this functionality is available for all portals using Recruiting.

Customers are recommended to review and update their privacy policy documentation to accurately reflect the current behavior.


The following existing permission applies to this enhancement:

Compliance Enablement Preferences - Manage Grants ability to access and manage Compliance Enablement Preferences. This permission can be constrained by OU and User's OU. This is an administrator permission. Recruiting Administration