Manage Candidate Compliance

How to keep your candidate database compliant (candidate GDPR compliance)

Overview

Firefish is a powerful tool designed to ensure your candidate database remains fully compliant with data protection regulations like GDPR. With features for managing consent and data retention, it simplifies complex compliance tasks and keeps your processes on track.

Compliance permissions are set by a Super User in the User Permissions section. Once permissions are granted, a dedicated Compliance section will appear on your Dashboard To-Do List, giving you everything you need to monitor and manage compliance efficiently.


Consent

Managing candidate consent is a key part of maintaining compliance. Firefish organizes candidates into three distinct lists to help you track their status:

  1. Consent Never Requested
    Candidates who haven’t yet received a request to consent to your agreement.

  2. Consent Follow-Up
    Candidates who received the consent request but haven’t responded within the first 14 days. These candidates are still within the 28-day expiry limit.

  3. Consent Expired
    Candidates who didn’t respond within the 28-day time limit. Even after resending the consent request, candidates will remain on this list until they respond. They’ll move to the Follow-Up list after 14 days and return to Consent Expired after 28 days if no action is taken.

Filtering Options:

Firefish allows you to apply multiple filters to refine your view of candidates. Filters include:

  • Owner
  • Candidate Name
  • Registration Details
  • Candidate Source
  • Created Date

The filter button shows how many filters are applied, ensuring transparency about the candidates displayed.

Actions You Can Take:

From each consent list, you have the flexibility to:

  • Reprocess Candidates: Choose a legal basis for processing their data (e.g., Request Consent, Provided Consent or Legitimate Interest).
  • Mark for Deletion: Remove non-compliant candidates from your database.

Processing or Deleting Candidates

Reprocessing Candidates

If a candidate hasn’t agreed to your consent request, you can reprocess their data by selecting a legal basis (e.g., legitimate interest). When you resend a consent request, the day counter resets to zero, and the candidate stays on the list until they respond.

Deleting Candidates

If a candidate declines your agreement or ignores the consent request, it’s best to remove them from your database to maintain compliance. Keeping non-consenting candidates in your system is not GDPR-compliant.

When you delete a candidate:

  • Their details, including any attached documents, are permanently removed.
  • You can delete candidates individually using the three dots menu or bulk delete multiple candidates by selecting them and clicking Delete in the header section.

If the delete option is greyed out, check with your Super User to ensure you have the necessary permissions. For more details on deletion, refer to the handy guide in Firefish.


Data Retention

The Data Retention section of your Compliance To-Do List helps you review archived candidates who’ve exceeded your organization’s retention period. By default, this period is two years, but Super Users can adjust it in:
Settings > People Configuration > Candidate Settings.

Key Information in the Data Retention List:

  • Candidate Name: Identifies the individual.
  • Consent: Displays compliance status.
    • A green tick indicates compliance.
    • A red cross indicates non-compliance or awaiting compliance.
  • Archived Date: When the candidate was archived.
  • Expired Date: When the archive expired, based on your retention period.
  • Note Icon: Any notes attached to the candidate’s archive action.
  • ... Menu: Use this to delete a single candidate or access additional actions.

Example of Data Retention:

If a candidate was archived on October 28, 2021, and your default retention period is two years, their archive would expire on October 28, 2023.

Filtering Data Retention Lists:

Filtering your data retention list works like filtering any other list in Firefish. The options include:

  • Owner
  • Candidate
  • Expired
  • Consent (compliant/non-compliant)
  • Created
  • Source
  • Archive Date

Deleting Archived Candidates:

  • Use the three dots menu to delete a single candidate.
  • For bulk deletions, select multiple candidates and click the Delete button in the header.
    Filtering options, as described for the Consent lists, also apply here, making it easy to sort candidates by archive date or other criteria.

Summary

Firefish streamlines compliance by helping you manage consent, reprocess or delete candidates, and monitor data retention. With intuitive features and flexible filtering, you can confidently ensure your database meets regulatory requirements while focusing on what matters most—finding the right talent.

Let Firefish handle the complexities of compliance so you can focus on growing your business!