Introducing Lever’s GDPR Compliance Toolkit to Achieve Compliance with Confidence and Ease

It’s officially deadline month for GDPR compliance. Are you ready?

At Lever, we are. With a global customer base across more than 40 countries, Lever understands the importance of data privacy and security in the ever changing regulatory landscape and digital world.

We’ve written at length about the GDPR, including telling you what the regulation is all about for recruiting, sharing findings from our study of how 500 recruiters are preparing for the regulation, and letting you know how to configure GDPR in Lever.

But today, we want to give you more details on Lever’s GDPR Compliance Toolkit, in one spot. As a data processor, we are compliant under the GDPR, and we’ve invested great time and resources into building the GDPR Compliance Toolkit – a comprehensive and flexible set of features that help our customers meet their own obligations confidently and effectively.

Heather Luth, Project Manager of Strategic Initiatives for Talent Acquisition at Veon, the multinational telecommunications services company headquartered in Amsterdam, is glad to have a GDPR partner in Lever. “Getting ready for the GDPR has definitely been a challenge, but we’re all in the same boat,” she says, “Everyone is navigating through how to achieve compliance at the same time, and it’s been very reassuring to work with vendors like Lever who are well-versed in the regulation and committed to helping us meet our obligations.”

Lever GDPR Configuration Page

Lever customers will enjoy:

1. Comprehensive features for achieving compliance

While some ATSs have left critical gaps in their GDPR compliance support – like collecting candidate consent – Lever’s GDPR Compliance Toolkit addresses all the key requirements of the GDPR. These features include providing notice of data processing activities, gathering, tracking, and refreshing candidate consent where necessary, setting data retention timeframes, and responding to candidate rights requests.

2. Flexible workflows to support your company’s unique compliance needs

There’s no one size fits all way to approach compliance. For example, companies will have different approaches as to when they collect candidate consent and how long they store candidate data. To support this complexity, Lever provides flexible workflows and configurations that every organization can use to meet their unique compliance needs.

3. Built-in guidance and reports for staying compliant 

We know that achieving and maintaining GDPR compliance can feel daunting, especially when you have a whole team of recruiters handling candidate data. That’s why we’ve designed our GDPR features to be easy to configure, track, and manage – with alerts to keep you from taking actions that may compromise compliance, automatic nudges to take actions, bulk workflows, and reports that make taking the right steps quick and easy.

With that in mind, here are the key components of Lever’s GDPR Compliance Toolkit that will help our customers meet their new obligations.

GDPR Compliance Toolkit:

Collect, track, and refresh consent for active AND passive candidates

GDPR Collecting Consent

Lever provides flexible workflows for consent and legitimate interest. Companies who choose to rely on consent can ask applicants for consent during the application process. Furthermore, Lever provides consent links for passive candidates who are overlooked by other systems – like those you source – to collect consent and keep these candidates in your talent database for years to come.

Beyond helping customers collect consent, Lever makes it easy to track consent and take the right action when consent is about to expire – like refreshing consent or anonymizing candidate data – in order to stay compliant.

Provide notice of data processing activities

Lever GDPR Privacy Policy

Lever allows customers to provide notice of their processing activities via links to their privacy policy on their Lever application form.

Respond to candidate rights requests

Lever GDPR Candidate Rights Requests Page

Lever’s candidate rights page makes it easy for candidates to request to view and edit their data, or opt to be removed from your database entirely. Lever will send automatic reminders and assign tasks to candidate owners to ensure requests are resolved promptly. Moreover, candidate rights reports give you visibility into all candidate requests in one spot, so you can be confident that no request falls through the cracks and jeopardizes compliance.

Set data retention timeframes

Lever GDPR Data Retention Timeframes

The GDPR is clear that companies cannot keep personal candidate data indefinitely. Lever allows companies to determine a data retention period, identify candidates who have been in the database beyond the retention period, and take appropriate action.

Because you invest a great deal into building relationships with candidates, we imagine many companies will want to continue storing their candidates’ data. As such, in addition to simply anonymizing candidate data, companies who rely on consent can take advantage of Lever’s bulk workflows for seeking and/or refreshing candidate consent to preserve those valuable relationships.

Anonymize candidate data

Lever GDPR Anonymize Personal Data

When your company no longer has a lawful basis for retaining a candidate’s personal data, simply deleting the data would have a devastating effect on your reports. Lever ensures that you can meet your GDPR requirements and preserve the integrity of your reports with the ability to anonymize candidate data.


In addition to our GDPR Compliance Toolkit with comprehensive and flexible features for achieving compliance, Lever is EU-U.S. Privacy Shield certified, and will execute a Data Processing Agreement (DPA) with contractual assurances on security.

The right ATS will make a world of difference in easily achieving and maintaining GDPR compliance for recruiting. To learn more about recruiting under the GDPR with Lever, request a demo.