The functionality is enabled by following these steps:
- Enable in Provisioning.
- Grant permission to manage Data Privacy Consent Statements in Admin.
- Create and maintain Data Privacy Consent Statements.
After completing this lesson, you will be able to:
The functionality is enabled by following these steps:
To enable the functionality in Provisioning, complete the following steps:
Once you enable Data Privacy Consent Statement 2.0, there are a few predefined statuses that are automatically added to your Applicant Status Set:
The Data Privacy Consent Statement 2.0 functionality is designed to be configured pre go-live. It is highly recommended to configure the default statement in Admin immediately after the Provisioning settings have been enabled. This will prevent candidates from getting an error at login.
Admin users need to have relevant permissions assigned in order to configure and use the Data Privacy Consent Statement.
To grant permissions, proceed as follows:
Please note that you can check the boxes for both Manage external data privacy consent statements and Manage internal data privacy consent statements in RBP, even if the internal option is not enabled in Provisioning. However, when you create a statement, the "Recruiting Internal" option will not appear if the internal option has not been enabled in Provisioning.
Remember that this step should be completed as soon as possible after the Provisioning settings have been enabled. If there is not a statement to present, candidates will get an error and will not be able to proceed.
To create a new statement, follow these steps:
Once the above steps have been completed, you will need to input the actual statement message and any applicable translations.
To input the actual statement message and any applicable translations, follow these steps:
After the default statement has been published, you can configure any additional country specific statements you may need.
Remember that the Recruiting Management statement is based on the candidate’s country/region of residence.
The following features are available for Data Privacy Consent Statements:
Occasionally, candidates are added to Recruiting Management without creating their own accounts and without seeing the configured statement. This issue happens when an employee refers, or an agency submits, a new candidate as well as when the add candidate functionality is used.
Users can set country-specific options on whether this type of candidate (internal or external) who hasn’t seen or accepted the current statement can progress through the pipeline. These settings also apply to any candidate who has accepted a statement, but not the most recent update.
The following permission is needed to be able to work with country-specific consent settings: Admin Center → Manage Permission Role → [Select Role] → Permissions → Administrator Permissions → Manage Recruiting → Country Specific Consent Settings.
To manage candidate access: Select Admin → Manage Recruiting → Country Specific Consent Settings and then complete the information for the selected countries.
If you select Don’t Allow, the user will not be able to update the candidate status until the new or updated Data Privacy Consent Statement has been accepted, either by or on behalf of the candidate.
If you select Allow After Confirmation, when a user is updating the candidate status, a warning message will pop up that says, "Allow candidate(s) who have not yet accepted latest DPCS statement". The warning message will be shown for both newly added candidates and those who haven’t accepted the most recent version of the Data Privacy Consent Statement. If the user checks this box, they will be able to proceed in updating the candidate status.
To gain access to different versions of statements, follow this process:
If the number of returned records exceeds a set threshold (10000), the system sends the report request to the server and the administrator receives a link to download the report.
The candidate search based on the Data Privacy Consent Statement is an admin opt-in feature for DPCS 2.0 customers. This functionality allows the candidate to be searchable only if they have accepted the Data Privacy Consent Statement. This feature can be leveraged by DPCS 2.0 to ensure that the candidates who have not accepted at least one version of the data privacy statement are not returned in the candidate search results.
This functionality has to be enabled in Provisioning → Manage Recruiting → Edit Candidate Privacy Options → Data Privacy Settings → Enable both internal and external options.
In Admin, to display only those candidates in the candidate search results who have accepted the Data Privacy Consent Statement at least once, navigate to Admin Center → Manage Recruiting Settings → General Data Privacy Settings → Allow Recruiting users to access candidate information if they have accepted one of the versions of the Data Privacy Consent Statement.
Enabling this option also ensures that the candidates who didn’t accept at least one version of the Data Privacy Consent Statement are unsearchable. If the option is disabled, all candidates are searchable regardless of the Data Privacy Consent Statement acceptance.
This setting only appears in Manage Recruiting Settings if all prerequisites are enabled.
Applications that are created by the candidate before enabling the Allow Recruiting users to access candidate information if they have accepted one of the versions of the Data Privacy Consent Statement setting are still available in Recruiting Management pages.
The search areas that display candidate information based on the Data Privacy Consent Statement option are as follows:
Data should not be stored any longer than is required. In some cases, local/regional legislation may require purging of user data from your system after a certain length of time for data protection and privacy. In other cases, user may choose to purge user data simply because it no longer serves a business purpose.
Data retention time management (DRTM) is data purge solution that offers more complete coverage across the HCM Suite and the ability to configure different retention times for different types of data and different countries.
The Data Retention Management feature set allows users to configure the purge of candidate data from the system on a recurring schedule and based on configurable country specific retention times via the Data Retention Time Management feature set.
Purging data in the SAP SuccessFactors HCM Suite is irreversible, and as such is built to be a multi-step process requiring a request and an approval. This ensures oversight before records are permanently and irretrievably removed from the system.
The DRTM Master Data Purge type is included in the table below, as it is applicable for Recruiting when it comes to purging recruiting users and internal candidate profiles and applications. This master data purge permanently and irreversibly removes inactive users from your instance, along with their associated data from across the HXM Suite, including audit data.
The configured retention time for DRTM master data overrides the retention time that is configured for any other DRTM purge objects. However, this purge will not remove any Recruiting Management user, defined as "Any Job Requisition Approver, Interviewer, or Offer Approver" who is active in your Recruiting process. Their pending action will need to be dispositioned or transferred to another user before they can be purged. This is also referred to as "User Veto" and no configuration is needed for this.
The following table shows the purge request types that are applicable in Recruiting, along with the user/candidate type that is included for each purge and a brief description of each purge type.
|Purge Request Type
DRTM Master Data Purge
Internal Users (HXM Suite)
|DRTM Inactive Candidate Purge
|External Candidates (Recruiting)
|DRTM Inactive Application Purge
|Internal & External Candidate Applications (Recruiting)
|DRTM Recruiting Read Access Log Purge
|External Candidates (Recruiting)
|DRTM Audit Data Purge
|Internal Users (HXM Suite)
Inactive candidates can be anonymized by creating a purge request in Data Retention Management. Inactive candidates are candidates who haven’t logged in to their accounts for the number of days configured as the inactivity period.
If you don’t want to lose candidate data through the purge action, contact the candidates through email to ask them to activate their accounts by logging in to the system. It's possible to configure the number of days before the purge date, when email alerts are triggered to notify inactive candidates to take action before their profiles are anonymized.
If the DRM 2.0 Candidate Purge: Do not purge Candidate Profile if there are existing applications in the system for that candidate" setting, shown in the figure, DRM 2.0 Settings, is enabled.
The candidate profile won’t be purged for any in-progress applications. Candidates in a draft, closed, withdrawn, or disqualified status will be purged. For the "Requisition Closed" and "Hired on Other Requisition" statuses in particular, this will purge or not purge the candidate profile, based on the "Consider job applications with the status "Requisition Closed" for purging" and "Consider job applications with the status "Hired On Other Requisition" for purging" settings that you can see in the figure, DRM 2.0 settings. This is a newer functionality and previously candidates in these statuses were not purged. If you want to purge inactive candidates in these two statuses, ensure you have these options enabled.
Internal and external candidate application data purges are set up per application and based on their status as defined in the table below.
For the top three withdrawn statuses (which refer to the items for manually deleting candidates), these candidates will be purged with the next run of the Recruiting Management Entity Anonymization job, which is a job that is created in Provisioning. If you schedule this job to run daily, it’s important to know the candidates are not anonymized in real time, but rather daily, at the time specified in the scheduled job.
For the "in-progress" statuses and "forwarded" statuses, applications get purged when the candidate profile gets purged. For "in-progress" statuses, candidate profiles are not purged, as indicated in the candidate profile purge table above, so these applications will not be purged.
For the remaining statuses of "Withdrawn by Candidate", "Auto Disqualified", "Onboarding Statuses", and "Disqualification Statuses", applications are purged by the DRTM Inactive Application Purge, as per the retention period. This job is configured by an admin user in Admin Center.
For data protection and privacy, it's possible to anonymize candidate profiles and their disqualified job applications data together using the Anonymize Candidate Profiles feature in Admin Center.
The system removes personally identifiable information from their candidate profiles and the personally identifiable information from disqualified application are anonymized after legal minimum period is reached when:
If, however, you need override this retention period and anonymize candidate profiles with their disqualified applications immediately, Anonymize Candidate Profiles allows you to do both. If a candidate profile is already anonymized, the tool lets you find the applicant's disqualified applications so that you can also anonymize them.
These disqualified applications become anonymized when the scheduled RCM Entity Anonymization Job runs.RCM Entity Anonymization Job runs.
This option anonymizes the disqualified applications for applicants whose candidate profiles have already been anonymized. Using the search feature, you can find applicants by their candidate ID.
The search doesn't return applicants who are yet to be anonymized. If your search returns no results, try searching for them in the Anonymize Candidate Profiles and Applications option instead, or run an anonymization job to anonymize candidates in case the candidate has already been marked for anonymization.
To configure Data Retention Time Management, proceed as follows:
This job anonymizes the data, and so must be configured. It is best practice to configure the job to run daily.
If you do not see the feature on the list, the feature is already available in the instance.
To manually add, proceed as follows:
To import, proceed as follows:
To use the Data Retention functionality, proceed as follows:
If launched immediately, the approver will need to look on the Request Pending Approval tab. Here they can download a preview of what candidates will be marked for anonymization if approved. This Purge preview report can be used to confirm purge is set up properly and ran successfully.
For the Launch Immediately option, the preview report is generated immediately after it is submitted. You only need to approve once to start the purge process.
For scheduled purge requests, the approver will need to access the Scheduled Requests Pending preview report to view and approve the schedule. The user has the option of approving the request or the series. Either way, once the approval is given, a preview report is generated at the next scheduled run time and a notification sent. The user will then access the Purge Request Monitor screen, Request Pending Approval tab to review the preview report and approve again to start the purge process.
Fully approved purge requests are sent to the job scheduler. For scheduled requests, the purge job runs at the soonest available time after its next scheduled recurrence. For an immediate request, the purge job runs at the next available time, generally within a few minutes.
The actual purge job status can be checked at any time after it is approved by accessing the Approved Request tab. Here, the user can download the preview report, view the job details, and/or access view results for the completed report that can be used to confirm whether the purge job was successful or not for each type of data in the purge. Error messages in the final report can be used to troubleshoot data that failed to purge as expected.
A user with relevant permissions (Admin Center → Manage Permission Role → Data Retention Management → DRTM Purge Freeze can put a legal hold on data for a specific candidate so that their data is not removed by a DRTM data purge. Possible use cases are pending litigation or other legal requirements that supersede the configured retention time.
To add a candidate to Purge Freeze, proceed as follows:
Editing an existing entry in the Purge Freeze list includes the following:
If users need to edit or delete an existing entry on the Purge Freeze list they will search for the DRTM purge freeze object and find the specific entry in the second box. Then they can use Take Action and either correct or delete from the list.
Users can also import and export the list via import and export data using a similar method to the one used to import the updated country object.
Log in to track your progress & complete quizzes