Data Subject Rights
The GDPR explicitly states certain rights for the data subjects in Articles 12 to 23. We need to understand and fulfil them when individuals seek to exercise those rights.
- Right of access: The subject's right to obtain from the controller, the confirmation as to the processing of their data and furthermore request to access their personal information.
- Right to rectification: The subject's right to ensure that their personal data is accurate and updated as needed.
- Right to erasure or be forgotten: The subject's right to ask the controller for the erasure of their personal data without undue delay.
- Right to object and restriction of processing: The subject's right to object to the processing of their data and even restrict it if they so desire.
- Right to data portability: The subject's right to obtain their information in a structured and machine-readable format or have their data transferred to another organization if feasible.
- Right to be informed: The subject's right to be informed of how and why their personal data is being processed. Also, they have the right to know if the data is being shared with other third-party. This can be addressed by identifying the appropriate lawful bases to process data.
- Right to be notified: In case of a data breach, the data subjects need to be informed within 72 hours of first having become aware of the breach.
Add Data Subject Requests
There are two ways in which the above mentioned requests can be collected.
Manual
- The data subjects can send requests to you in an email.
- You can get the request on a call or orally, in person.
Automatic
- Send Data Request link via email.
- The requests raised by your candidates will by automatically captured in Zoho Recruit.
Add Data Subject Requests Manually
On collecting the requests, you need to update it in your Recruit account and do the needful actions to handle the requests.
To add a data subject's request in your account
- Click open the data subjects record in your Recruit account.
The record could be in the Candidates, Contacts, or any other custom module for which GDPR Compliance is enabled. - Click Data Privacy.
Under the Data Subject Requests section, click the Add Request link. - In the New Request popup, select a request and click Done.
The request will be added to the record.
Handle Requests Within Zoho Recruit
Let us understand how these requests can be handled within Zoho Recruit.
Access (Right to Access)
Using Zoho Recruit's email templates you can create templates with the candidate personal data using merge fields. This template can be used to send emails when data subjects request to have access to their information. Data subjects can also access their information through candidate portals.
To send an email with the data subject's information
- Click open the data subjects record and click Data Privacy.
- Under the Data Subject Requests section, click the Add Request link.
- In the New Request popup, select Request to access data.
- Click Done.
The request will be added to the record. - Click Send email for the Request to access data.
- In the email composer, select the email template with the merge fields and send the email.
Rectify (Right to Rectify)
You need to send an email with the CSV file that contains the data subject's information. Data subjects can rectify the information in the CSV file and send it back to you to import it in your Recruit account and update the information. Data subjects can also themselves rectify and update their information through the portals.
To send and email to rectify data subject's data
- Click open the data subjects record and click Data Privacy.
- Under the Data Subject Requests section, click the Add Request link.
- In the New Request popup, select Request to rectify data.
- Click Done.
The request will be added to the record. - Click Send email for the Request to rectify data.
An email composer will open, with a CSV file as attachment. The attachment contains the data subject's information that is available in the selected module. - In the email composer, draft the email and send.
Export (Right to Portability)
Data Subject information is be exported, attached to an email and sent in a machine readable format (CSV format), all without being downloaded on to the Controller's device.
To send a copy of the data subject's data
- Click open the data subjects record and click Data Privacy.
- Under the Data Subject Requests section, click the Add Request link.
- In the New Request popup, select Request to export data.
- Click Done.
The request will be added to the record. - Click Send email for the Request to export data.
An email composer will open, with a CSV file as attachment. The attachment contains the data subject's information that is available in the selected module. - In the email composer, draft the email and send.
Stop Processing (Right to Stop Processing)
Once they exercise this right, you need to stop processing the data subject's information. To handle this, Zoho Recruit has the option to lock the data subject's information and prevent it from further processing. When a record is locked, the details in the record, will be locked from further use or processing in Recruit. For example, emails will not be sent from workflow rules, you cannot edit the record, share it, run macros on it, or even merge it with its duplicate.
To lock the record
- Click open the data subjects record and click Data Privacy.
- Under the Data Subject Requests section, click the Add Request link.
- In the New Request popup, select Request to stop processing data.
- Click Done.
The request will be added to the record. - Click Lock for the Request to stop processing data.
- Click Yes, Proceed to confirm.
The record will be locked. You cannot perform any actions for the record, as mentioned earlier.
Erase (Right to be forgotten)
Once exercised, the data subject's information can be locked for the retention period defined in the Data Controller's terms of service. During this period data will not be processed in Zoho Recruit, after which the controller has the option to delete the data subject's information. Once deleted, the record's email address will be moved to a block-list and the re-entry of the same data will be prevented via import, synchronization, etc. However, you will have the option to manually add a record with the same email address.
Note
- Users should have Manage Data Subject Requests permission to move a record to blocklist.
- When a record is block-listed, all the records bearing the same email address will be deleted across all the GDPR enabled modules.
- The block-listed records can neither be retrieved nor be viewed.
- When a record is block-listed, it is deleted from Zoho Recruit. However, all the records associated to the block-listed record will not be deleted. The associated will be removed.
To lock and block-list the record
- Click open the data subjects record and click Data Privacy.
- Under the Data Subject Requests section, click the Add Request link.
- In the New Request popup, select Request to delete data.
- Click Done.
- The request will be added to the record.
- Click Lock to stop processing the data before deleting it.
- Click Move to block-list to delete it from your Recruit account.
In the Blocklist Record popup, click Move to blocklist.
The record will be deleted and the email address will be added to the block-list. - Click Yes, Proceed to confirm.
Add Data Subject Requests Automatically
Add the data subject request link in the email or create an email template and send it to your data subjects. This allows them to submit a request in Zoho Recruit on their own.
To add data request link in email template
- Go to Setup > Customization > Templates.
- Select the Email tab and click +New Template.
- In the Create Email Template section, select the module.
- Click the Data Request icon
- In the Add Link window, do the following:
- Click Select all to add all the types.
- Select the Language from the drop-down list and click Save.
- Save the Template.
To add data request link in email
- Go to the Record Details page and click Send Email.
- In the compose window, click Data Request icon.
Click Select all to add all the types. - Select the Language from the drop-down list and click Save.
- Click Send.
Raise Data Request
By using the Data Request link, the candidate can raise a request and it will be automatically captured in Zoho Recruit. Your candidates can follow the given steps to raise a data request.
To raise Data Request
- Your candidates can click Data Request Link from the email.
- Add a request of their choice.
- Confirm the request.
- This request will be captured in the Data Privacy section of the respective records.
The content presented herein is not to be construed as legal advice. Please contact your legal advisor to know how GDPR impacts your organization and what you need to do to comply with the GDPR.
Access your files securely from anywhere
Zoho CRM Training Programs
Learn how to use the best tools for sales force automation and better customer engagement from Zoho's implementation specialists.
Zoho DataPrep Personalized Demo
If you'd like a personalized walk-through of our data preparation tool, please request a demo and we'll be happy to show you how to get the best out of Zoho DataPrep.
- Zoho Workerly Home
- Forums
- Connect With Us:
- Zoho Recruit Home
- Forums
- Connect With Us:
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho CRM Plus?
Deliver unforgettable customer experiences
New to Zoho Marketing Plus?
Everything you need to run your marketing
New to Zoho Marketing Plus?
Everything you need to run your marketing
You are currently viewing the help pages of Qntrl’s earlier version. Click here to view our latest version—Qntrl 3.0's help articles.
New to Zoho Survey?
Zoho Sheet Resources
Zoho Forms Resources
New to Zoho Sign?
Zoho Sign Resources
Sign, Paperless!
New to Zoho TeamInbox?
Zoho TeamInbox Resources
New to Zoho ZeptoMail?
Zoho DataPrep Resources
Design. Discuss. Deliver.
New to Zoho Workerly?
New to Zoho Recruit?
New to Zoho CRM?
New to Zoho Projects?
New to Zoho Sprints?
New to Zoho Assist?
New to Bigin?
Related Articles
GDPR Readiness
Europe's new privacy policy law intends to give more control to individuals over their personal data. This control over information is given through a few rights. Zoho Recruit has brought in features to make you be compliant under GDPR. Based on user ...Consent Management
Zoho Recruit's consent management settings helps you get consent from your data subjects by providing a system where you can customize the consent form, include it in your email templates, set consent related preferences, and most importantly, get ...GDPR for Candidates
No matter where applicants are applying from, there will be an additional field under web forms. This field would ask for their confirmation for their data to be processed. For new web forms, you will see a default Compliance Information section to ...Data Sharing Rules
By default, access rights to Recruit records are set as private so that the record owner and his/her manager can oversee the Recruit data. However, using the Data Sharing Rules, you can extend the access rights to users belonging to other roles and ...Export Data
Zoho Recruit allows you to export a backup of all your Recruit data in a few simple steps. The export options available in Zoho Recruit are: Export module data Request Recruit data backup Export Module Data The Export Data feature allows you to ...
New to Zoho LandingPage?
Zoho LandingPage Resources