GDPR compliance calls for Data Subject Consent & Right to be forgotten, which ensures candidates rights on organizations inability to store the data in their HRMS system forever & also to anonymize the candidate's PII data whenever required. This is ensured in Freshteam through Automatic anonymization of the candidates personally identifiable data and Manual anonymization of the same. 


Both the features are part of advanced GDPR module which are provided under all the paid plans (Growth, Pro and Enterprise)


Overview

Manually anonymize candidates personally identifiable data, Auto anonymize candidate PII data after a fixed duration of time. Time period to retain uncontacted candidate information or candidate not notified of the privacy policy. 


Candidate PII Anonymization


Setting up advanced GDPR features (auto-anonymization)

In order to enable data retention rules which ensures candidate data subject consent under GDPR compliance, the admins need to do the following

  • Go to settings → General Settings → Preferences, click on the same 
  • Scroll through the bottom and click on “GDPR Compliance” 
  • Enable “Data Retention Toggle”
  • Provide time period to retain candidate in the respective cases (Discussed under Data Retention Fields*
  • Click on “Enable” to save the settings 


Below GIF demonstrates the above steps


*Data Retention Fields 


Freshteam allows auto data anonymization on two fronts, when the candidates are notified of the privacy policy through Freshteams GDPR Privacy Policy compliance & the other is the time period after which personally identifiable information of all your sourced candidates (added by a vendor, referrer, or recruiter) will be anonymized if they have not been contacted via email at least once after being added.


1. Candidates notified of the Privacy Policy

Specify the time period after which Personally Identifiable Information of all your rejected candidates will be anonymized




2. Candidates not notified of the Privacy Policy


Note: 

Enabling these settings will not automatically anonymize all your existing candidates’ personally identifiable information (PII) in your Freshteam account. 

  • We recommend that you email your new privacy policy links to candidates existing in Freshteam.
  • Old candidates’ PII will be anonymized only when the candidate’s status changes, such as Rejected.
  • The data retention period will be calculated from the date a candidate’s status changes 
  • Candidate’s PII in emails received in your mailbox and inbox notifications (outside of Freshteam) will not be anonymized.


These settings and information help towards GDPR compliance and are not intended to be legal advice for your organization. Learn more about GDPR.


Manually Anonymizing PII data 


Under GDPR compliance on right to be forgotten, candidates data can be anonymized or deleted whenever required or whenever candidate requests the same through application withdrawal from the system or deletion of data from the system.


Below GIF demonstrates how manual anonymization is done whenever required