GDPR Settings in Adapt

Permission to delete/restrict records & run SAR, Storing GDPR consent & policy documentation, GDPR settings.

J
Written by Jackie Read
Updated over a week ago

There are some settings for GDPR in the Adapt Manager profile of Adapt. If you don’t have access to this, please ask your Erecruit representative to set these for you. 

GDPR Permissions to Delete or Restrict records & run the Subject Access Request workflow

Only users of Adapt who have the GDPR Compliance Admin permission can:

  • Restrict and stop processing (delete) records in Adapt. 

  • Run the Subject Access Request workflow

In the Adapt Manager Profile, from the Employee record of the user, navigate to the Permissions page. Edit the record and select the GDPR Compliance Admin permission. Save the record:

Users may want to store GDPR documentation in Adapt, which will automatically be attached when running the Consent/Permission Request workflow. These documents are held in the Office record of the user.

Within the administrator profile, navigate to the Office record of the user. In the Document Library, navigate to the Consent Request folder. Add the required documents here:

GDPR Settings

When a user makes a request to Stop Processing (delete) a record, there is a delay before the actual ‘hard’ deletion takes place. Users can set the delay in days using the GDPR Settings page in the Administrator/Adapt Manager profiles. 

Set the Deletion Date Control to 7, 14, 21 or 28 days (Note: It is set to 28 by default):

The Years to Keep assignments for field allows users to set a time limit in years on how long they keep employment records for. This may be due to employment law for example. This is set to 3 years by default, but users can pick any number from 1 to 999.

If there is a request to delete a person who has assignments within this time period, they will not be deleted. See the Right to be forgotten section for further detail. 

Send GDPR Failure Notifications to? – A failure report is emailed to a specified user if an Adapt record 'deletion' for GDPR fails. Use the 'Send GDPR Failure Notifications to? Field 'to input a nominated user's email address. The user should monitor these records and inform their Erecruit representative if the deletion continues to fail.

Enable Override on Batch Eshots – Adapt has implemented automatic opt-out on Eshots due to GDPR compliance, meaning the fields Eshot and Can SMS? are set to No by default on a person record. This means currently when sending batch Candidate Eshots, any Candidate where these fields are set to No will be ignored. When the Enable override on Batch Eshots setting is set to ‘Yes’, it enables the user to choose to send batch Eshots to these Candidates regardless.

Consent Retention Period - A modifiable code group called Consent Retention Period is available, currently offering:

  • 6 months

  • 1 year

  • 2 years

  • 3 years

  • 4 years

  • 5 years

  • 6 years

  • 7 years

  • 8 years

  • 9 years

  • 10 years

This field will be set to 2 years by default.
When a user runs the Record Consent/Permission activity in Adapt, the value of the Consent retention period field will be checked and the consent expiry date will be calculated on load using this value and today's date.

Did this answer your question?