GDPR and Crelate: Feature Walkthrough

Team of Recruiters discussing GDPR points

May 25th, 2018 sees the beginning of the paradigm shifting EU legislation, GDPR. The General Data Protection Regulation will revolutionize how companies use and store user data by giving control of the data to the user and making the data companies hold much more transparent. People will be able to request that their data be deleted, that they review all data a company holds on them, and much more.
GDPR also requires an explicit opt-in model of data collection rather than the opt-out model that has dominated heretofore.
Crelate has just released a wealth of features to help you navigate GDPR. These features, along with a comprehensive GDPR plan, will help you begin tracking user consent and giving you tools to make it easier to respond to GDPR requests.
While GDPR is only law in the EU, companies around the globe are changing their data collection model to be in line with the regulation for several reasons. Primarily, companies may have users who live in an EU state even if the company itself doesn’t. GDPR protections still apply in this case, so many companies have found it more efficient to provide GDPR privileges to all of their users regardless of location. Second, there’s some anticipation that similar data protection regulations will begin passing in other countries throughout the globe.

With that in mind, the features Crelate has released can be used by any company to help them shift their data and privacy policies to be more GDPR compliant. We’ll walk through the features to show how you can begin taking advantage of our new release. Your and your candidates experience will be slightly different depending on their relationship to you, so we’ll break that down and explore the tools you can use to seamlessly integrate it into your workflow.

Crelate Candidates, Applicants and Individuals

As recruiters, there will be a variety of different types of people interacting with your system – candidates you have in your system, applicants, and individuals who are curious to learn what data you have about them but have no relationship with you otherwise. Because their experience will be slightly different, let’s split these into three groups and go over them each- Candidates, Applicants, and Individuals.

Crelate Candidates

Your candidates exist in your Crelate already. You may have a well developed relationship with them or you may have just gotten their information. Likely, you have not tracked consent for these candidates before and will now need to. There are three ways you can obtain consent from your candidates.

First, Crelate has added badges to each candidate profile to display the current consent status at a glance. These badges have three states – consent obtained, opted-out, and no consent record on file.

Clicking on these badges displays a pop-up window that shows consent details. If they have consented, when they have consented, and the policy they consented to. This gives you the ability to change your privacy policy over time and track which one they have consented to. In addition, you can request consent from this pop-up box for your candidates. Crelate tracks their response, so you always have the most up to date information. While doing this on an individual basis is useful, at the very beginning you will likely have hundreds, if not thousands, of candidates that you will need to obtain consent from.

Second, Crelate provides a new Compliance section in your settings area that gives you several compliance views to get an overall snapshot of your system. Candidates Without Consent will show just that and will allow you to quickly send consent requests. If the candidate has a primary email address on file, the request is immediately sent, if not, we ask you to input an email address to send the request to. Additionally, there’s a view that displays all of the candidates that have consented to your data policy.

Finally, you can bulk email consent emails to your candidates. You can now include a consent link in any email you send to your candidates as shown below. This link is unique and will update your candidate’s consent status. This will be the fastest way to obtain consent on your candidates in bulk.

Gathering consent from candidates in your system will require some manual effort in the beginning but will be much easier to maintain in the long run and will help you be compliant. Obviously, the tool you use to obtain consent from your existing candidates will vary.

Companies have begun sending bulk emails to people that review the GDPR and their new data policies that ask for consent. In fact, you’ve probably received several already. With these tools, you’ll be able to do the same thing and easily obtain consent.

The way you can obtain from consent for applicants that enter your Crelate after you’ve enabled these GDPR features is slightly different. Let’s take a look at that experience now.

Crelate ATS GDPR levels of consent badges
Crelate ATS GDPR Consent History and Audit Log Feature

Crelate Applicants

Applicants are people who have applied to your job postings through your portal and enter your Crelate through that path. We have added several features to your portal to make it easier for you to track consent on future applicants.

You can now require applicants to consent to your data policy before they submit their application. This is a checkbox next to you data policy that is displayed on the application page. Checking this box is explicit consent to your data policies and they will show up in your Crelate has having consent. In addition, if you send an email to your applicants to thank them for applying, you can also include a link asking for consent in that email.

If you use our Chrome Extension to easily add people into your Crelate or manually add a resume, you’ll need to use the tools we mentioned early in the Candidate experience to obtain consent.

That about covers people who have a direct relationship with you. However, GDPR provides a method for any person to make data requests to you, even if they have no relationship to you. Let’s explore these requests now.

Crelate ATS GDPR messaging for requesting removal from database
Crelate ATS GDPR Consent Options Feature

Individuals and Requests

GDPR allows individuals to make a variety of requests to data holders regarding the data they have on them. They can make an update request, a delete request, request to obtain all of they data you hold on them, and to suspend data processing. These requests can come from candidates, applicants, or individuals who have no relationship with you. The timeliness and the manner in which you fulfill your requests we have left up to you, but we provide tools to help you track the requests made to you.

On your portal, we have added a new privacy section that allows individuals to make requests to you. These requests show in your Crelate in the Compliance section mentioned earlier. We have organized them for you into New Requests and Completed Requests.

When an individual makes a new request to you, it will automatically appear in new requests. You can view the details of the request and respond to it as your compliance policy directs you to. When you have satisfied the request, clicking Mark for Completion will automatically put it in the Completed Requests section.

The Completed Requests section will be your log of all completed request in chronological order. You can review the original request data. We do not track how you responded to the request but that you completed the request. We recommend you keep track of that as your compliance policy dictates.

Keep in mind that GDPR gives the right to any individual to make data requests to you, even ones that you have absolutely no data on. Crelate does not filter the requests, so you can be sure that any request made via your privacy page will be included in your new requests.

And there we go. Those are the features that are most candidate facing and the ones you’ll likely interact with on a day to day basis. But, it wouldn’t be Crelate if there weren’t customizations to make it your own. So we’ll take a look at that and then at a couple of scenarios that you’ll likely to run into in your day to day recruiting.

Crelate ATS GDPR Privacy Request Form Feature Interface
Crelate ATS GDPR Compliance Request Manager Feature

Settings and Customizations

Earlier this year, we released a several features for EEOC to help you more with compliance and we introduced a Compliance Tracking section in your advanced settings for business users. GDPR is an additional compliance feature, so all the settings for GDPR will live there and are only editable by admins.

Portal Options – In the portal options, you can choose to display a link to your privacy page on your portal. Additionally, you’re able to include a consent checkbox on jobs. This will require an applicant to consent to your data policies before their application can go through, which grants explicit consent to your data policies.

In this section, you have granular control for how much or how little you integrate GDPR into your Crelate. There’s three sections that affect GDPR settings – Consent Status Options, Application Email Options, and Portal Options.

Consent Status Options – Here you’ll be able to turn consent badges on and off. The consent badges display the consent status for your candidates and can display a dialog with consent history by clicking on them. Additionally, you’re able to set the default email template for sending consent requests.

Application Email Options – If you send application emails in response to an application, you’re able to include consent links here. You’re also able to set the email for the person who will receive privacy request emails.

Crelate API Compliance Tracking for EEOC and GDPR Feature Interface
Crelate ATS GDPR Filter by Consent Status Feature

Case 1 – Obtaining Consent From A Well-Known Candidate

After generating a roll up of possible candidates that would be suited to your newest open position, you see that all of your possible candidates have green badges next to their name, except for ones who have not been asked for consent. You’ve spoken to them in the past and they’ve verbally told you that you’re welcome to contact them for a position they think they’d be interested in. You click on their badge and easily click the send request for consent button. It immediately sends them an email that informing them of your data policies and requests for consent. The candidate responds affirmatively and their badge turns green.

Case 2 – Obtaining Consent From A New Candidate

In a similar scenario to case 1, you make a roll up of possible good fits. Your talented sourcer found a candidate that is a perfect fit for the position but you’ve never made contact before. Your data policies require consent, so you draft up a cold email that works your recruiting magic – explaining the role, how they’d be a great fit for it, and you’d love to chat about it with them. While drafting the personalized email, you also include a link to your data policy and explains your data policy to them. Once they receive your email, they click provide their consent to your data policy and their badge turns green.
This is a win-win for you. Not only have they consented to your data policies, but you know for a fact that you have a good email and that they’ve opened it and have read about your opportunity. So you’re able to nurture the relationship further and get that placement.

Case 3 – Getting Consent From Applicants Before Application

You’ve got a hot new position and put it on your job portal. Like all job postings, qualified and thoughtful applications begin pouring in. Because you’ve enabled the Consent Checkbox setting for applications, all of the applications you’ve received have explicitly consented to your data policy and those that don’t consent aren’t able to apply. You won’t need to request consent from these applicants and can immediately start finding the perfect candidate.

Case 4 – Getting Consent From Applicants After Application

In a similar scenario above, you’ve put a job posting on your portal. However, instead of requiring consent in order to apply, you include a request for consent in your email thanking them for applying. In this case, the applicants you receive will appear in your Crelate has having no consent record until they follow the link in your email and consent. This may widen your pool of applicants but you also won’t know for certain if every applicant you’ve received consents to your data policy.

Case 5 – Bulk Obtaining Consent

GDPR goes into effect and your data policy dictates that you must have consent from candidates before contacting them. You plan on contacting candidates who are actively being recruited for a job individually, but you want to send a bulk request for consent from candidates in your Crelate who aren’t necessarily being worked at the moment. So you open up your candidate dashboard and click find. In find, we’ve added an additional filter called Consent Status. This filter provides three consent options to filter on – Consented, No Consent On Record, and Opted-Out. So you click on No Consent on Record and who haven’t been touched in the last 3 months. You select all of these candidates and create a new bulk email. In this bulk email, you explain your new data policy and attach the consent link to it. This consent link is unique, so you send the bulk email knowing that you’ll get good response data shortly.

And there you have it! We hope that this walk through helped you with our GDPR features and gave you some ideas for basic usage. We’re excited to see how you integrate them into your recruitment flow and for your feedback.

Until next time!

– The Crelate Team

Scroll to Top