GDPR Compliance Guidelines

Written by Amritanshu Anand
Updated over 2 weeks ago

If your organization falls under GDPR (General Data Protection Regulation) requirements, Recruiterflow provides built-in tools to help you maintain compliance. This guide walks you through the essential steps to configure GDPR settings in your dashboard.

Overview

GDPR compliance in Recruiterflow involves two main areas:

  1. Obtaining consent from candidates before collecting their data

  2. Managing candidate data retention according to your legitimate interest period

Step 1: Add Disclaimers to Your Careers Page

If you're using a careers page hosted by Recruiterflow, you need to add consent disclaimers before candidates submit applications.

How to Add Consent Text

  1. Go to your Careers Page settings in Recruiterflow

  2. Navigate to the Footer Text section

  3. Add your GDPR consent disclaimer (e.g., "By submitting this application, I consent to the collection and processing of my personal data")

  4. Save your changes

Result: Applicants will now be prompted to agree to share and record their personal information before they can submit an application.

Example Disclaimer Text

"By submitting this application, you consent to [Your Company Name] collecting, storing, and processing your personal information for recruitment purposes in accordance with our Privacy Policy and GDPR regulations."

Step 2: Configure Candidate Data Retention Settings

GDPR requires you to define how long you'll retain candidate data and what happens when that period expires. Recruiterflow calls this your "legitimate interest period."

Enabling GDPR Compliance

  1. Go to Settings in your Recruiterflow dashboard

  2. Find the GDPR Compliance section

  3. Select "Enable GDPR compliance"

  4. Check "Enable GDPR opt-in"

Once enabled, you'll see three data handling options:

Option 1: Anonymize Candidate Profile

How it works: After a candidate is disqualified from a job, their personal contact information is automatically removed after X days, but their profile remains in your system as an anonymized record.

What gets removed:

  • Phone numbers

  • Email addresses

  • Social media profile links

What remains:

  • Anonymized profile data

  • Candidate is still counted in reports and analytics

Best for: Organizations that want to maintain hiring statistics while protecting personal data.

Configuration:

  • Set the number of days: Anonymize Candidate Profile (After X days)

  • The countdown starts when you disqualify a candidate from a job

Option 2: Get Opt-In From Candidate

How it works: After X days of being disqualified from a job, the system automatically sends a request to the candidate asking them to opt in again to remain in your database.

What happens:

  • Candidate receives an opt-in request after the specified period

  • If they opt in, their data remains in your system

  • If they don't respond or opt out, you can take further action

Best for: Organizations that want to maintain long-term talent pools with active consent.

Configuration:

  • Set the number of days: Get opt-in from candidate (After X days)

Option 3: Auto-Delete Candidate Profile

How it works: After X days of being disqualified from a job, the candidate's entire profile and all associated data are permanently deleted from your system.

What gets removed:

  • Complete profile deletion

  • All candidate data

  • Removed from all reports and analytics

Best for: Organizations with strict data retention policies or those who want minimal data storage.

Configuration:

  • Set the number of days: Auto delete candidate profile (After X days)

⚠️ Warning: This action is permanent and cannot be undone.

Important: When Does the Countdown Start?

The retention period countdown begins when you disqualify a candidate from a job.

Action Required: Remember to disqualify all candidates you're no longer engaged with for a specific job to ensure the GDPR timer starts correctly.

Comparison Table: Data Retention Options

| Option | Personal Data Removed | Profile Remains | In Reports | Best For |
|---|---|---|---|---|
| Anonymize | Yes (contact info only) | Yes (anonymized) | Yes | Maintaining statistics |
| Re-Opt-In | Only if no response | Yes (until opted out) | Yes | Active talent pools |
| Auto-Delete | Yes (everything) | No | No | Minimal data retention |

Best Practices

  • Set realistic timeframes: Consider your typical recruitment cycle when setting retention periods (e.g., 180 days, 365 days)

  • Review regularly: Periodically audit your disqualified candidates to ensure GDPR timers are running

  • Document your policy: Keep records of your data retention decisions for compliance audits

  • Update your privacy policy: Ensure your careers page privacy policy reflects your chosen retention approach

  • Train your team: Make sure recruiters understand the importance of disqualifying candidates properly

Need Legal Advice?

While Recruiterflow provides the tools for GDPR compliance, we recommend consulting with your legal team to determine:

  • The appropriate legitimate interest period for your organization

  • Which data retention option best fits your compliance requirements

  • The specific wording for your consent disclaimers


Need Help? If you have questions about configuring GDPR settings in Recruiterflow, contact our support team at help@recruiterflow.com or use the in-app chat widget.
