GDPR Compliance settings
Configure DPA activation, consent forms, data-request forms, and preferences from the GDPR Compliance page.
Where to manage
Page header: GDPR Compliance. Subtitle: "Manage personal data processing and GDPR compliance settings".
Activating GDPR (Data Processing Agreement)
Before the GDPR module is fully active for your workspace, you must activate the Data Processing Agreement. The page shows a dedicated activation step with the modal title "Data Processing Agreement" and a primary button "Activate GDPR".
Once activated, the four configuration tabs appear and the per-candidate Data Privacy tab becomes available across CVViZ.
1. Overview
Summary view of your workspace's GDPR posture β request counts, consent counts, and high-level status.
2. Preferences
Workspace-level preferences for how compliance flows behave (request handling defaults, notification preferences for compliance officers, etc.).
3. Consent Form
The consent text candidates see when applying. Stored in the form's consentForm field. This is the candidate-facing copy that explains what you'll do with their personal data.
4. Data Request Form
The form candidates use to submit subject-data requests (Access, Delete, Rectification, Erase, Stop Processing). Configure the candidate-facing fields and instructions.
Per-candidate Data Privacy actions
Once GDPR is active, every candidate gets a Data Privacy tab showing:
- Their consent state (Pending, Withdrawn, Offered, Not Offered).
- Submitted data requests by type (Access, Delete, Rectification, Erase, Stop Processing).
- Stop Processing and Delete actions.
See GDPR and compliance in the Candidates collection for the per-candidate flows.
Aggregate counts
The compliance model surfaces request and consent counts:
- Access requests β total, new.
- Delete requests β total, new.
- Rectification requests β total, new.
- Erase requests β total, new.
- Stop Processing requests β total, new.
- Consent: Pending, Withdrawn, Offered, Not Offered.
Permissions
The Compliance settings page typically requires admin access. The per-candidate Data Privacy tab is visible whenever GDPR is active for the workspace.
Tips
- Have your DPO / legal team review the Consent Form text before activating.
- Use the Data Request Form to direct candidates to a structured submission rather than ad-hoc emails.
- Review the Overview tab monthly to catch backlogs of pending requests.