We know how important & sensitive the topic of consent to keep one's personal data is, especially when it comes to hiring. Now CakeHR allows for increased flexibility & automation when dealing with personally identifying information (PII) of applicants.
New tools allow to prompt the applicants for consent to store their information in CakeHR (both automatically & manually!), revoke the consent, as well as anonymise their personal information.
⚠️ Attention! By enabling this feature you will trigger a mechanism that may automatically alter the data of your applicants. We recommend to read this article & carefully consider your company's internal approach to data retention before activating this feature.
What do I need to set it up?
A user with 'Administrator' level access in CakeHR.
How do I configure the Data retention policy feature?
First, go to Settings -> Recruitment -> General. You can find a checkbox "Enable data retention policy for applicants" under "Data retention".
Enabling this feature will activate the Data retention policy & reveal the list of parameters that control how Data retention policy & related functionality will work for you:
How does it work?
Let's suppose you have enabled the Data retention policy feature with same parameters as shown above. Now, for every new applicant who was not asked for consent to keep & process their data yet, a new button in applicant's profile will appear: "Ask for consent":
Clicking this button will send a consent inquiry to applicant's mailbox. The applicant will be able to Approve or Decline the inquiry using the buttons in the email they received.
If not requested manually, the system will send out the inquiries automatically after a period of time, as specified in parameter "Send consent inquiry automatically after ... days". Such inquiries will be sent to all new applicants who were never asked for consent. You can change this value according to your preference.
Once an applicant has provided their consent, the consent can be revoked using "Revoke consent" button.
Revoking consent will immediately anonymise the private information of this applicant.
⚠️ There are more cases when private details of your applicants can be anonymised. Read about these cases below.
How does anonymisation work?
Your applicant records will get anonymised in following cases:
- You have "Revoked consent" for this applicant
- An applicant was sent a consent inquiry but they took too long to respond (longer than specified in "Store personal information for ... days" parameter)
- An applicant Declined a consent inquiry using Decline button in consent inquiry email
Anonymisation means altering of a given applicant's personal data. However, their applicant's record will remain open & will be reflected in all reports.
You can choose whether some particular registers will be anonymised as well. Visit Settings -> Recruitment -> General to select:
What happens if I disable the Data retention policy feature after the consent inquiries are sent out?
These applicants who will receive the email will still be able to approve or decline the consent inquiry. Their personal information may be altered automatically unless they provide an approval to keep their data by clicking a button in the consent inquiry email.