Europe’s new General Data Protection Regulation is a vast new set of privacy rules intended to give Europeans more control over how their data is collected, stored, processed and transferred. Whether you are located in the EU, or located elsewhere but conduct business in the EU, all of your data processing activities that involve the data of EU citizens must comply with the GDPR, which comes into effect on May 25th 2018.
Beamery's Consent Management and Manual Anonymization features enable you to become fully GDPR compliant. For a step-by-step walkthrough of how to set up Beamery for complete compliance, your Customer Success Manager can take you through the 'Beamery Comply: Consent Management and Manual Anonymization - Implementation Checklist'.
Consent Management: Create consent statements in Settings, request an opt-in for existing candidates (using Campaigns that link to the consent capture form), request opt-ins for inbound candidates (by appending the consent statement to all forms), and track consent (as well as the time since consent) for all contacts via the People Grid.
Manual Anonymization: Anonymize archived contacts, and un-anonymize candidates who retract their initial request to have personal information deleted. Anonymization works like deletion, except we'll hide rather than delete the contact name, email, social URLs; so that we can identify, flag and block a previously anonymized contact from being accidentally added to the database.
A quick note before we carry on. While we have consulted legal teams specializing in data protection when updating features, Beamery is not a law firm and we do not provide legal advice specific to your organisation. All wording in images are for placeholder purposes only and we recommend that you review all wording with your legal counsel and Data Protection Officer, or equivalent.
Setting up consent management:
Set up your consent statements via the Compliance section in Settings. This text will be shown to candidates on consent capture forms, and in forms for Beamery Pages customers.
There are three sections, all of which are required fields:
- Consent request statement: This is where you can explain to candidates why you are asking for consent.
- Opt in statement: This is the statement that candidates will consent. It’s important to word this correctly and clearly so candidates understand what they are consenting to. The opt in/out answers to this statement map to the ‘Consent’ field in your People Grid, and if the candidate opts in, the ‘Last Consented’ field will show how many days have passed since the candidate opted in.
Requesting consent from inbound candidates:
You will see a new GDPR opt in question in form builder. Ticking the box and publishing the form will make the consent statement visible on the form as a required question for the candidate to answer. By enabling the GDPR opt in question, the ‘Location’ field becomes a requirement for candidates, so you can track and manage consent for candidates that are in EU countries.
The GDPR opt-in section can be left blank; your default compliance statements (already filled out in your Compliance Settings) will populate these fields automatically when published. But, you can overwrite your default compliance statements if needed by completing the necessary fields (as per the image above).
Requesting consent from existing candidates:
Creating a consent email loop for candidates:
Candidates should be able to opt out as easily as they opted in, and they can do this by revisiting the consent capture form at any time through the same button or link. You might consider sending a consent confirmation campaign to candidates who have opted in and including the button or link in this message too.
Tip: To find these GDPR-related campaigns in your Campaigns list, filter by ‘GDPR Campaigns’, which will display all active campaigns that include the opt-in link or button variables.
Tracking consent in your database:
Consent is captured in two, filterable fields, which you can find as separate columns in your People grid:
- Consent: This displays if a candidate has opted In or opted out
- Last Consented: This displays the time in days since the candidate opted in, to help you eventually schedule re-opt in campaigns, or to automate purges of contacts without up-to-date consent
You can use these fields to filter candidates who have either opted out, or candidates who last consented beyond a certain period of time (who you can then archive or delete to keep your active database clean, and mark them as 'Do not contact' from their profiles).
When a contact is anonymized, all of their data is deleted from the Beamery database, aside from name, email and social URLs, which are hidden. These are kept in order to check and prevent anonymized contacts from being accidentally added back into Beamery, with or without an email. Beamery prevents users from re-adding anonymized contacts into the database by flagging previously anonymized candidate profiles.
Super Admins, Admins and Team Members can anonymize contacts from their full profile via a two-step process to reduce the risk of accidental anonymization, where the user is required to archive the contact first, and will receive a warning to confirm the action when they are about to anonymize the contact. Anonymization is only possible for Archived contacts.
Super Admins can manually un-anonymize contacts from their profiles via the three-dot dropdown menu if contacts have requested to be un-anonymized. If a non-Super Admins needs to un-anonymize a contact having received the contact’s request, they can either ask the candidate to sign up via a form, or share the contact’s full profile URL with a Super Admin.
Once an anonymized contact has been un-anonymized or re-opts in via a form, the contact will re-appear as a standard profile with their name, email and social URLs. You will also see an activity card in their full profile indicating when the contact had been previously anonymized for full context.
Preventing anonymized contacts from being added back into Beamery:
If someone on your team tries to add an anonymized contact into Beamery either manually, or when sourcing via the Extension, they are redirected to the anonymized full profile, and are prevented from being able to re-create an anonymized contact.