We know how important & sensitive the topic of consent to keep one's personal data is, especially when it comes to hiring. Now CakeHR allows for increased flexibility & automation when dealing with personally identifying information (PII) of applicants.
New tools allow to prompt the applicants for consent to store their information in CakeHR (both automatically & manually!), revoke the consent, as well as anonymise their personal information.
⚠️ Attention! By enabling this feature you will trigger a mechanism that may automatically alter the data of your applicants. We recommend to read this article & carefully consider your company's internal approach to data retention before activating this feature.
What do I need to set it up?
A user with 'Administrator' level access in CakeHR.
How do I configure the Data retention policy feature?
First, go to Settings -> Recruitment -> Data retention. Here you can find a few groups of settings. Let's go through them.
For new applicants without consent
"Enable data retention policy for applicants" - a checkbox that enables the Data retention policy in your CakeHR company. Every other settings becomes active if data retention policy for applicants is in force.
"Send consent inquiry automatically after ___ days" - when a new applicant without previous consent is added in CakeHR, they will get an email inquiry asking to provide the consent to keep their data in your CakeHR account.
"Store personal information for ___ days" - duration of data retention for an applicant who is due to provide (or decline) a consent.
For applicants with consent
"Store personal information for ___ months" - once an applicant has provided consent, their personal information will be stored for the specified amount of time.
"Send a repeated inquiry ___ days before consent expiration" - before the applicant's consent expires, CakeHR will send them a repeated inquiry to extend their consent. This setting specifies the amount of days the applicant will have to provide a new consent before the previous expires & their data is anonymised.
"Prompt to extend consent for ___ months" - the duration of repeated consent, when the consent is automatically re-inquired.
How does it work altogether?
Let's suppose you have enabled the Data retention policy feature with same parameters as shown above. Now, for every new applicant who was not asked for consent to keep & process their data yet, a new button in applicant's profile will appear: "Ask for consent":
Clicking this button will send a consent inquiry to applicant's mailbox. The applicant will be able to Approve or Decline the inquiry using the buttons in the email they received.
Unless requested manually, the system will send out the inquiries automatically after a period of time, as specified in parameter "Send consent inquiry automatically after ___ days". Such inquiries will be sent to all new applicants who were never asked for consent. You can change this value according to your preference.
CakeHR will wait for applicant's consent as long as specified in "Store personal information for ___ days" parameter. If an applicant hasn't provided consent by the moment the specified period has expired, their data will be automatically anonymised.
If applicant has provided consent to store their data, CakeHR will retain their personal data for the duration of "Store personal information for ___ months" parameter.
The consent can be revoked using "Revoke consent" button.
Revoking consent will immediately anonymise the private information of this applicant.
Before the consent expires, system will re-inquire the applicant to extend their consent as specified by "Send consent inquiry automatically after ___ days" & "Prompt to extend consent for ___ months" parameters.
⚠️ There are more cases when private details of your applicants can be anonymised. Read about these cases below.
How does anonymisation work?
Your applicant records will get anonymised in following cases:
- You have "Revoked consent" for this applicant
- An applicant was sent a consent inquiry but they took too long to respond (longer than specified in "Store personal information for ... days" parameter)
- An applicant Declined a consent inquiry using Decline button in consent inquiry email
Anonymisation means altering of a given applicant's personal data. However, their applicant's record will remain open & will be reflected in all reports.
You can choose whether some particular registers will be anonymised as well. Visit Settings -> Recruitment -> General to select:
What happens if I disable the Data retention policy feature after the consent inquiries are sent out?
These applicants who will receive the email will still be able to approve or decline the consent inquiry. Their personal information may be altered automatically unless they provide an approval to keep their data by clicking a button in the consent inquiry email.