GDPR Compliance

Stay compliant with Jobvite

At Jobvite, we fully understand the importance of GDPR and the impact it has on your organization. The Jobvite Platform is fully GDPR compliant and we can help you navigate the GDPR requirements to ensure that your recruiting and onboarding programs stay in compliance. Jobvite gives you easy-to-use, self-service capabilities to help you meet the GDPR requirements and demonstrate compliance.  

Obtain consent from data subjects 

GDPR requires you to provide greater transparency to candidates about the information that you collect and how long that data is kept. It also requires that you explicitly obtain consent and record that consent. Jobvite is designed to help you meet this requirement by obtaining unambiguous consent from each candidate.  

 With Jobvite, you will be able to: 

  • Configure and deploy customized consent forms (by location and in the appropriate language) on your career site. The consent forms framework and interface provides candidates detailed information about the data you are collecting and an option for them to express action. It then records that action during the apply process 
  • Give candidates the ability to self-identify their location and Jobvite will automatically serve up the correct consent form for them to complete 
  • Define a data retention timeframe for contacts and multiple data retention timeframes for applicants; define data purge policies beyond the GDPR requirements for contacts, applicants, and new hires; and orchestrate data deletion activities including auto or manual, and a purge of all data or only specific fields
  • Send automated email alerts and request consent forms for candidates that come from sources other than your career site (i.e. bulk contact imports, manual entry, resume databases, etc) 
  • For existing contacts in Jobvite, use campaigns embedded with a direct URL for contacts to visit which obtains, tracks, and records individual consent

Meet enhanced data subject rights

Under GDPR, a candidate has the right to request to view their information, update their profile with the correct information, and have their information deleted. With Jobvite, you will be able to meet their request in the following ways: 

Social Media

  • Right to Access: Access all of the data associated with a specific candidate from candidate profile to process request
  • Right to Rectification: Update a candidate record by editing their profile directly 
  • Right to be Forgotten: Delete their record completely from Jobvite or forget a candidate by anonymizing the personally-identifiable data to maintain reporting integrity. You can either automatically purge candidate data, in accordance with your data retention policies, or delete a candidate record on a per-request basis 

Please note that the onus is on you to provide a mechanism for a candidate to submit a request for deletion and then process that request. 



Curious to learn more?

See the entire Evolve Talent Acquisition Suite.

Our end-to-end suite is built for modern recruitment.

Watch Product Tour

GDPR compliance reporting and audit 

GDPR requires that organizations maintain records of all processing activities so that they can demonstrate compliance if an audit is conducted by the EU Data Protection Authority. Jobvite’s robust reporting system will let you easily track and report all GDPR-related activities with: 

  • Out-of-the-box Consent Audit Reports that will give you a summary and detailed views of consent records and processing activities 
  • Purge Audit Reports that also have a summary and detailed view. These reports will show you all of the candidates removed over a selected timeframe



Jobvite is a Data Processor under GDPR

As a Data Processor, Jobvite performs the following under GDPR: 

  • Maintains clear documentation of data security measures, data protection policies, and procedures 
  • Provides a Standard Data Privacy Agreement (DPA) as part of your contract with Jobvite 
  • Provides all of the information required to demonstrate GDPR compliance – including Article 30 Reports
  • Conducts a GDPR review of our third-party vendors and partners