The ICO says:
“Under Article 17 of the GDPR, individuals have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances.”
“Individuals have the right to have their personal data erased if:
- the personal data is no longer necessary for the purpose which you originally collected or processed it for;
- you are relying on consent as your lawful basis for holding the data, and the individual withdraws their consent;
- you are relying on legitimate interests as your basis for processing, the individual objects to the processing of their data, and there is no overriding legitimate interest to continue this processing;
- you are processing the personal data for direct marketing purposes and the individual objects to that processing;”
Within Adapt, users start the ‘Right to Erasure’ process by running the Right to Be Forgotten workflow, which is accessible from the GDPR shortcut icon or the GDPR & Checks page on a person record.
Record the Reason for Request from:
- Consent withdrawn
- Data erased for legal reasons
- GDPR breach
- No longer necessary to retain data
- Objection to data processing
Record the Decision. This is the decision made on what to do as a result of the request. The options are:
1. Remove from Database – Use this option to schedule a ‘hard’ delete of the Individual from Adapt. A ‘hard’ delete means the record can never be retrieved.
2. Retain and Restrict – Should the Agency wish to retain enough information about an individual in order to ‘remember that they previously asked to be erased/forgotten’, then this option can be used, if required. It enables Agencies to keep track of who has been deleted.
Note: Selecting this decision creates a skeleton ‘restricted record’. It will ‘hard’ delete the data, documents etc. behind the scenes as with the full delete process, but will retain the Individual’s name and ID for future reference. This puts the record ‘beyond use’, which would satisfy the ICO provided that the data controller holding it:
- is not able, or will not attempt, to use the personal data to inform any decision in respect of any individual or in a manner that affects the individual in any way;
- does not give any other organisation access to the personal data;
- surrounds the personal data with appropriate technical and organisational security; and
- commits to permanent deletion of the information if, or when, this becomes possible.

The Agency will need to ensure that the Individual is aware of what the deletion process entails, and that under this method, their name and ID are retained. Users should be aware that currently, there is no mechanism to further ‘hard delete’ the remaining data.
3. Retain for legitimate reasons – This option allows the Agency to retain the Individual in Adapt for a legitimate reason, perhaps due to employment law. For example, an Individual has objected to their data being processed. However, they are still being paid by the Agency for work, so the data can be kept for legitimate reasons as they cannot be paid otherwise. This should be noted in the Legitimate Interest in Retaining Data section.
Whichever decision is chosen, Adapt will check for the following recruitment activity:
- Has the Candidate been submitted to a Job? – If so, Adapt will give the user the option to stop or continue the deletion.
- Is the Candidate linked to a current or future booking? – If a linked assignment is found, the user will be presented with a warning message. The deletion process will stop, and the user will need to unbook the Candidate to proceed. The journal will be updated to show that the data is being retained for Legitimate Interest. No further action is taken against that candidate record.
- Does the person have any duplicate records? – If so, these records will also be flagged for deletion. Note: A duplicate is identified by matching the full name and email address.
- How many years should assignments be kept for? This is checked in the GDPR settings page of the administrator profile.
  - If assignments are found that are within the ‘Years to Keep assignments for’ time period, a warning message will be displayed: “Past assignments are linked to this candidate; do you wish to delete anyway?”
  - If Yes is selected, the full delete process will happen. If No is selected, the journal will be updated to show that the data is being retained for Legitimate Interest. No further action is taken against that candidate record.
Note: When the Right to be Forgotten activity is run and confirmed, the Consent field on the GDPR & Checks page of the Candidate record is now automatically set to No regardless of the decision recorded.
If the user chooses to go ahead with the deletion, the record will be put into RESTRICTED mode and queued for deletion. Records queued for deletion can be monitored in the GDPR Notifications studio (see the Monitoring GDPR section). Deletion occurs during an overnight procedure on the scheduled Deletion Date.
For each decision option, the following table shows the user what will happen in Adapt:
Note: A failure report is emailed to a specified user if an Adapt record 'deletion' for GDPR fails.
A new field is available in application settings on the GDPR Settings page labelled 'Send GDPR Failure Notifications to?'. A nominated user's email address should be entered. When there is an unknown failure on a record marked for deletion (through GDPR), a warning email will be sent to this email address:
"Dear Adapt user,
Date - (of failure)
Subject - Adapt delete process failure
The following records were not deleted as part of the 'remove from database' functionality.
We will try again tonight, but you should check that these records are fully deleted. If not, you may need to contact your Support Representative for further assistance:- (the following to be in a repeating table)
ID of entity | Name of person queued for deletion | Deletion Date | Date of restriction"
Adapt users should monitor these records and inform their Erecruit representative if the deletion continues to fail.
Tailoring the delete process
Once a record is marked for deletion, there is a delay before it is actually ‘hard deleted’. This allows users time to notify 3rd parties or change their mind etc. The delay is set in the administrator profile by setting the Deletion Date Control to 7, 14, 21 or 28 days (Note: It is set to 28 by default). Once deletion has been requested, the Deletion Date is calculated based on this setting.
There is also a setting called Years to keep assignment for. This enables Agencies to set a period of time in years to keep records for employment law, HMRC purposes etc. For example, if this is set to 3 years, no person record marked for deletion will be deleted unless all the assignments on the record are dated more than 3 years ago.
Finally, only users of Adapt with GDPR permission rights can run the Right to be Forgotten workflow.
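The Deletion Date Control and Years to keep assignment for settings described above can be modelled as a date check, shown here as an added example that is not Adapt's own code. All function names are hypothetical; it assumes an assignment is dated by its end date and that an assignment falling exactly on the cutoff is still retained, and it does not model the "delete anyway?" prompt.

```python
from datetime import date, timedelta

ALLOWED_DELAYS = (7, 14, 21, 28)  # Deletion Date Control options named on the page
DEFAULT_DELAY = 28                # default stated on the page


def deletion_date(requested_on, delay_days=DEFAULT_DELAY):
    """Date on which the overnight procedure may hard delete the record."""
    if delay_days not in ALLOWED_DELAYS:
        raise ValueError(f"delay must be one of {ALLOWED_DELAYS}, got {delay_days}")
    return requested_on + timedelta(days=delay_days)


def retention_cutoff(today, years_to_keep):
    """Assignments dated before this day fall outside the retention period."""
    try:
        return today.replace(year=today.year - years_to_keep)
    except ValueError:
        # today is 29 February and the target year is not a leap year
        return today.replace(year=today.year - years_to_keep, day=28)


def blocking_assignments(assignment_dates, today, years_to_keep):
    """Assignment dates (assumed: end dates) still inside the retention period."""
    cutoff = retention_cutoff(today, years_to_keep)
    return sorted(d for d in assignment_dates if d >= cutoff)  # assumed inclusive


def due_for_hard_delete(requested_on, assignment_dates, today,
                        delay_days=DEFAULT_DELAY, years_to_keep=3):
    """Return (eligible, reason) for one record queued for deletion."""
    if today < deletion_date(requested_on, delay_days):
        return False, "waiting for Deletion Date"
    blockers = blocking_assignments(assignment_dates, today, years_to_keep)
    if blockers:
        return False, f"{len(blockers)} assignment(s) within retention period"
    return True, "eligible"


if __name__ == "__main__":
    # Constructed sample data, not taken from any real record
    requested = date(2024, 1, 10)
    assignments = [date(2020, 6, 30), date(2022, 3, 15)]
    print(deletion_date(requested))
    print(due_for_hard_delete(requested, assignments, today=date(2024, 2, 7)))
```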
See the GDPR Settings in Adapt article, or ask your Erecruit representative to set these for you:
For any Candidates deleted in Adapt, the system will do the following for these integrations:
- Notify TempBuddy and receive notifications from TempBuddy to remove or restrict them where possible.
- Remove them from any Mailchimp lists and Campaigns via a call to the Mailchimp API.
- Delete any Integration links with LinkedIn.
- Notify Cube19 via a DELETE method to their API.
- Notify LinkedIn via a DELETE method to their API.