GDPR activities

GDPR activities

The GDPR Fish have been busy!


There’s a lot to cover, so we have broken everything down into key areas below: 


GDPR requirement 

    What have we done


What’s currently in build



Candidate GDPR agreement



  • Within your ‘web’ module there’s a ‘permissions’ page where you can create your candidate agreement (CA).


  • Your CA can then be added to your advert applications (all Firefish versions) and web registrations (Professional & Enterprise only).


  • Firefish records and provides a time & data stamp on the candidate agreement. These details can be found on the ‘candidate subscriptions’ page.


  • You’re likely to make updates to this agreement over time, but we will always show the agreement version that the candidate has originally accepted.



  • The ability to search on which candidates have agreed to which version of your agreement.

Opting in existing Candidates


  • We have made the link to your candidate agreement readily available in your bulk email templates, so you can easily send out an email updating your candidates with a link to your agreement.
  • As you update your candidate agreement, you’ll be able to select the option to email all candidates (or contacts for your Terms of Business). This will lead your respondents to a secure web page to authorise their account and ask them to accept your new agreement.


  • Soon the software will be able to recognise if a candidate has not agreed to your most up-to-date agreement, so when they apply or log into their candidate portal, it will automatically trigger a notification for them to read and accept.



Preview CVs





  • Amongst our user community, this is one of the top-voted features to change. We’re aware of how important this is to our customers and are in the process of making a substantial infrastructural change to our software to support this.



Unbundled marketing subscriptions



  • Candidates can opt in to different unbundled marketing options (SMS, bulk emails, offers, postal options).


  • Candidates can change their subscription preferences at any time through their candidate portal.


  • In the case of an unsubscribe requests from job alerts, candidates are directed straight to the their own subscriptions page where they can unsubscribe manually.



  • We will be extending the automatic unsubscribes to the ‘bulk email’ function from ‘searches’


  • For contacts we will be separating out the ‘CV sent on spec’ as a separate email opt in so contacts can still hear about your news but opt out to receive speculative CV’s and vice versa.


Request to remove


  • Your candidates are assigned one of three statuses – ‘live’, ‘archived’ and ‘removed’.


  • Recruiters can remove a candidate (individually and in bulk) from search results. This action will opt the candidate out of all marketing sub-sections, close their candidate portal down and record a request-to-remove action on the candidate record with the date and user that preformed the action.


  • These candidates will be now have the ‘removed’ status in your search and will feature a red dustbin icon on their record.




  • Each week, we will run an automated deletion of the candidates who have requested to be removed. This will include all of their details, notes, documents and action summary – everything but the person’s name and email address.


  • For legal processing purposes, we will retain any candidate’s placement, extension and termination actions. There will also be the option to retain the ‘cv send’ action to record which third parties have been sent the candidate’s details.


  • Moving forward, we will be developing a ‘settings’ page where you can adjust which details, actions and documents are actually deleted according to your selected data processing options.



Candidate portal



  • As a Firefish user, having a candidate portal already provides a big tick for your GDPR requirements checklist. As a Firefish professional or enterprise user, your candidates are able to log in to manage their own profile, subscriptions and have full visibility of the jobs that they have submitted.


  • We’ve already made significant password security updates to candidate logins. It’s now a requirement that the candidate’s password is a minimum of 8 characters and includes a mixture of caps and lower case, symbols and numbers. Any temporary password that the candidate is provided with only lasts for 24 hours. As soon as the candidate attempts to use this temporary password, they’re asked to change this.




Company Preferences




  • Recruiters will be able to select any company or site that the candidate has stated they do not want to hear from. This action will prevent that candidate from appearing in any potential matches for that company, as well as contacts, job and job alerts. 


  • You will have the option to make this feature available for the candidate to select companies themselves in their candidate portal, which gives them an additional element of control. 





Cookie policy

  • We have updated all the essential and non-essential cookies that are used for your own guide.


  • We will be adding an automatic link from your SEO plugin to add a link to your web privacy and cookie policy outline.



If you have any further queries on the information provided, please channel these through your Success Manager or the Support Desk.