General Data Protection Regulation (GDPR) Anonymization/Deletion

Cornerstone clients, particularly those in the European Union, need to anonymize or delete the data associated with a user in order to comply with local and regional regulatory requirements, of which the General Data Protection Regulation (GDPR) is the most prominent. Non-European clients with users in Europe are also affected, because those users are covered by the same regulations.

For internal users, organizations can request that employee data be made anonymous based on the following removal scenarios:

  • User Based Removal - For non-applicant users, this type of anonymization occurs when requested by a client. The request itself does not depend on the user's status or Legal Entity, but the outcome does depend on the user's status: if the user is Inactive, the user record is anonymized and the peripheral data is deleted; if the user is Active, the user record is not affected and only the peripheral data is deleted.
  • Time Based Removal - This type of anonymization occurs automatically after a defined period of time. All internal users (not applicants) must be Inactive to be anonymized. For this type of removal, the user must have a Termination Date populated and must belong to a Legal Entity. The Legal Entity determines the retention period for the user record.
  • Peripheral Data - Organizations can set criteria for the deletion of peripheral data, such as performance reviews, development plans, etc. This deletion may occur before a user is anonymized, and it may occur regardless of the user's status (i.e., Active, Inactive) and employment status (e.g., Terminated).

Notes:

  • If a retention period is set up only for the user record, then only the user record is anonymized/deleted once the user is made Inactive and the retention period has passed. Peripheral data remains in the system.
  • If a retention period is also set up for peripheral data (performance reviews, goals, competencies, etc.), the user's peripheral data is deleted regardless of the termination date and user status (i.e., Active, Inactive). This means that peripheral data deletion may occur before a user is anonymized.

For applicants, organizations can request that applicant data be made anonymous based on the following removal scenarios:

  • As part of the deletion of individual applications, a user's application is deleted when one of the following has occurred:
    • The requisition is closed or the user is in a closed status
    • The non-hired application in that closed requisition has exceeded the retention period defined for the Location Organizational Unit (OU) (primary location) of that requisition
    • A user has left a legal entity, has become inactive, and either requests to be forgotten OR their data has exceeded the retention period for the Location OU of the closed requisition or the retention period for the Legal Entity (whichever comes first)
    • An applicant asks the administrator to delete their application at any point in time (whether or not the application has exceeded the data retention period of a closed requisition)
  • As part of anonymization, a user's information is anonymized when the following has occurred:
    • The applicant has exceeded the period of inactivity defined by the administrator in the Compliance Enablement Preferences area, and that applicant has been dispositioned from a requisition

There are two types of data removal:

  • Deletion - Data deletion removes the data from all databases; the data is not recoverable.
  • Anonymization - Data anonymization replaces the user's identifiable information with scrambled values so the record can no longer be linked to the person; the process is not reversible.

Data removal is configured on the Legal Entity, a standard organizational unit (OU). The Legal Entity OU serves no purpose other than data removal.

Considerations

Although Learning and the other product suites are not explicitly mentioned in this documentation, all suites are affected by data anonymization. For example, Learning records remain in the system after a user is anonymized, but they can no longer be tied to an identifiable person.

Implementation

Except for applicant anonymization, this functionality is controlled by a backend setting that is disabled by default.

To enable this feature, first speak with your Account Manager or Client Executive, because different enablement paths are offered depending on the complexity of your requirements. Once the requirements are defined, submit a work order to Global Customer Support to enable the data retention rules for the Legal Entity and Location OUs.

Map Data Retention to Legal Entity/Location OU

To define the data retention rules for Legal Entity and Location OUs, you must submit a work order to Global Customer Support.