Manage Candidate Compliance

How to keep your candidate database compliant (candidate GDPR compliance)

Quick jump to:

Overview

Firefish is a great tool for ensuring all candidates in your database are fully compliant.

Compliance permissions are set by a Super User in User Permissions. If you have permission to manage compliance, you'll see a section dedicated to this appear on the To Do List on your Dashboard.

Consent

In this section, candidates are split into 3 lists:

1. Consent Never Requested - These are candidates who have not yet received a request to consent to your agreement.

2. Consent Follow Up - These are candidates who have received your agreement but have not agreed within the first 14 days of receiving it, (but are still within the expiry time limit of 28 days).

3. Consent Expired - These are candidates who have received your agreement but have not agreed within the expiry time limit of 28 days. Candidates that appear on the Consent Expired list will remain on that list when resent the agreement. They will then move to the follow up list after 14 days and return to this list after 28 days.

From each list, you'll have the following options for reprocessing candidates:

  • Manually choose a legal basis for processing candidates data.

  • Send an initial agreement request (Consent Never Requested) or an agreement request reminder (Consent Follow Up/Consent Expired).

  • Mark a candidate for deletion.

Manually choose a legal basis for processing candidates data.

Send an initial agreement request (Consent Never Requested) or an agreement request reminder (Consent Follow Up/Consent Expired).

Mark a candidate for deletion.

Filtering Compliance lists

The filter button allows users to filter by owner, candidate name, registration, candidate source and/or created date:

The filter button will also indicate how many filters have been applied so it's clear to the user that some candidates have been filtered out. The button also allows users to apply multiple filters at once.

Reprocessing or deleting candidates

Reprocessing Candidates

Select the type of legal basis for processing.

For a consent request, the count of days on the will reset to ‘0’ and the candidate will stay on this list until the candidates agreed to your candidate agreement.

Deleting Candidates

If a candidate declines your agreement or ignores your consent request, we'd recommend you think about deleting them from your database. They haven’t given you consent to hold their data, so if you keep it in your database, this is not GDPR compliant.

Deleting the candidate will permanently remove their details from the system - including any documents attached to their profile. If you want more information on what happens when you delete a candidate, check out this guide.

Data Retention

This to-do list allows you to review any archived candidates that have exceeded your data retention period.

The default retention period is 2 years but you can change this in > People Configuration > Candidate Settings.

The information includes:

  • Consent - The candidate's consent status.

    • Green tick if they have Consented to your candidate agreement.

    • Red cross if they are Awaiting Compliance or Non-Compliant

  • Archived - The date that the candidate was archived.

  • Expired - The date that the archive expired. This is based on your data retention setting.

    • For example, if a candidate was archived on 28/10/21 this would expire on 28/10/23, (assuming the default 2 years retention period).

  • Note icon - The note from the candidate's archive action

  • ... icon - The candidate menu. From here you can delete a single candidate.


For example, if a candidate was archived on 28/10/21 this would expire on 28/10/23, (assuming the default 2 years retention period).

Note icon - The note from the candidate's archive action

... icon - The candidate menu. From here you can delete a single candidate.

If you decide that a specific candidate should be deleted you can do this from the ... menu on the right of their details.

You can also bulk delete multiple candidates by selecting them and using the Delete button that appears in the header section.

If either of the Delete buttons are greyed out that means you don't have permission to perform that action. If you think that's not right please see your Superuser.

If you want more information about what happens when you delete a candidate check out this guide.

Filtering works the same as described above for the Consent lists.