Internet Explorer is not suitable for CleverStaff, go to Chrome or Firefox

GDPR Compliance

in CleverStaff recruitment software

The GDPR stands for the General Data Protection Regulation and is the new European Union Regulation set to replace the Data Protection Directive (DPD) and The UK Data Protection Act 1998. It places greater obligations on how organizations manage personal data.

Personal data is ANY information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, links to social networks, posts on social networks or a computer IP address.

What have we done for you
to be GDPR compliant?

Below, we’ve summarized some of the key criteria that your company needs to follow under the GDPR regulation and how CleverStaff can help you to be compliant with it.

(Art 5-9, Recitals 38-56)

"Your data must be stored in a secure manner."

All the data is hosted by our trusted providers. CleverStaff securely encrypts passwords and uses only secured connection for data transfer. Our software platform uses modern security framework as the main part of security functionality.

(Principle 3)

"Your solution must support data minimization"

There are a couple of standard fields to fill with candidate personal data in CleverStaff by default and it limits the scope of info needed to proceed with candidate processing. But since every hiring process is unique, we also give you the opportunity to add any fields you require to complete the process. So keep in mind this GDPR principle during your work process.

(Principle 1)

"You require candidate consent to use his personal data"

The consent is not obligatory in all the cases, but CleverStaff gives you an advanced feature – getting, tracking and managing the candidate consent.

(Principle 1, Art 13 and 14)

"You need to notify candidates"

There is a candidate consent status block in personal profile of every candidate. Send the consent request to the candidate with a few clicks using customizable email template.

(Principle 4)

"You need to keep data up to date"

You can update your candidate profile just in one click if it is saved from external resources – total automation. In case you’ve added the candidate manually, our candidate profile edit function works smoothly and takes no time at all.

(Recital 64)

"You need to make it easy for a candidate to get informed about privacy policy"

We’ve added the checkbox with candidate consent request and links to Privacy Policy and Terms & Conditions on the application form. Candidate needs to tick it to send his application form on the vacancy opening. More than that, with our simple API you can integrate CleverStaff functionality to the careers page on your website.

(Art 17, Recital 65)

"You need to manage deletion requests"

You are able to completely delete candidates in CleverStaff. If you want to delete your whole account – it is also may be done in just a few clicks! (Here we give you a 7-day gap before permanent deletion for restoring your account).

"Any supplier who Processes Data must be compliant"

CleverStaff is completely GDPR compliant

What have we done to be
GDPR compliant ourselves?

We have thoroughly analyzed the GDPR requirements and have put in place a dedicated internal team to drive our company to meet them. Our preparation streamline consisted of such milestones that we’ve reached:

Updated our Privacy Policy.

The new regulation required the new approach in Privacy Policy contents delivery. It has been rewritten in a new way and now it fully complies with the GDPR: it is concise, transparent, intelligible and easily accessible.

Managed our internal processes and procedures regarding security.

We reviewed all our security architecture along with encryption methods and verified that they fully satisfy the GDPR requirements. We also have established a brand new data breach instruction and internal security processes to ensure your maximum privacy protection.

Reviewed our business partners.

Our data storage cloud providers, integrators, and other suppliers have been requested on their GDPR compliance and we have been granted with the complex compliance from their side.

Projected, developed and released needed upgrades to our product.

All the necessary functionality for you to meet the requirements of the GDPR during your work in CleverStaff is already onboard!

General questions and answers

1. When will the GDPR come into effect?

It comes into effect on 25 May 2018.

2. Who does it apply to?

The GDPR applies not only to organizations located within the EU but also to ones regardless of their location if they process personal data of EU individuals or companies.

3. Where does GDPR apply?

The GDPR applies to processing carried out by organizations operating within the EU. It also applies to organizations outside the EU that offer goods or services to individuals in the EU.

4. What will the penalties be for failing to comply with GDPR?

The maximum fine a company can face is 4% of its annual global turnover, or €20 million, whichever is the highest.

5. The individual rights under GDPR and your actions to comply.

You should check your procedures to ensure they cover all the rights individuals have, including how you would delete personal data or provide data electronically. The GDPR includes the following rights for individuals:


  • · the right to be informed
  • · the right of access
  • · the right to rectification
  • · the right to erasure
  • · the right to restrict processing
  • · the right to data portability
  • · the right to object
  • · the right not to be subject to automated decision-making including profiling

Enjoy CleverStaff!

We have tested and verified our company’s GDPR compliance with the external lawyers engaged. We take care of your convenience and your trust. Be sure you’ve chosen the right ATS.

Professional Software for Applicant Tracking and Recruitment Automation with full GDPR compliance