Becoming GDPR Compliant: Consent Management

Last Updated:

Beamery's Consent Management features give you the tools to become fully GDPR compliant in a few quick and easy steps. 

Create consent request statements tailored to your legal requirements and brand, request opt-in for existing, newly sourced and inbound candidates, and track and manage consent to maintain a compliant database.

Setting up consent management 

1. Navigate to Settings and click on 'Compliance' under Company Settings. Here Super Admins can set up the text that candidates read before they decide whether they wish to opt-in or opt-out of communication with you. This page has three parts and all of them need to be set up carefully to ensure a clear and thorough consent request process. We strongly recommend that you seek legal advice before you complete each of these sections and consider the most appropriate way for your business to approach GDPR Compliance.

2. You can create different Compliance blocks for different needs. For instance, your organization may require a version of your Compliance statement in different languages, or you may require a specific version for in person events. 

Once your Compliance settings have been filled out, this is how the text would look for the candidate when opening the consent form page (your wording will vary based on need and legal advice).



Considerations in developing content for your consent management

1. Consent Request Statement

In this section, explain to the candidate why you are asking for consent. This text will appear on the top of your consent form page.

2. Opt-In Statement

This is the statement that candidates will consent to. Be sure to make this concise, clear and explicit so that candidates understand what they are consenting to. The answer to the opt-in statement will map to the "Consent" field in the Beamery People Grid. If candidates opt in, the number of days since they did so will map to the "Last Consented" field.

3. Privacy Policy

Ensure that you include a link to your privacy policy in this field, updated to comply with GDPR.

Note that as per GDPR we will include a link to our Data Enrichment policy in all consent management pages. This is done so candidates are aware that their data is being enriched. If candidates do not want their data enriched they will need to contact you. In this event, you can disable enrichment for a single candidate by clicking the three dots button on the top right corner of the profile. 

Select the "Disable enrichment" button and the profile's enrichment settings will be automatically updated.


Requesting consent from existing and newly sourced candidates

1. When you have the candidate's email address

If you have a candidate's email address, simply set up a consent request campaign by including one of the available consent variables (if you're unsure how to do this, have a quick look at our Campaigns help section):

  • The Opt-In Link will include a link to the consent request form unique to the contact
  • The Opt-In Button will include a "Confirm my Consent" button that also redirects to the consent request form unique to the contact

2. When you don't have the candidate's email address

If you don't have a candidate's email address, you can generate a consent form URL which is unique to them. This is handy if you're talking to a contact in Beamery via another platform, like LinkedIn. 

To do this, open the candidate's profile and click on the three dots button on the top right corner; select the option for "Generate consent link".

Note: as the link is quite long, you may consider using a link-shortening service before sharing it with the contact. 


Creating a consent loop for candidates who have opted in

As per GDPR, contacts should be able to opt out as easily and quickly as they opted in at any point of time. 

To demonstrate respect and commitment to candidates' personal data and preferences, it may be a good idea to set up a consent request campaign with a follow up email to let them know how they can update their preferences should they need to. For example:


You can access all GDPR-related campaigns by filtering by "GDPR campaigns", which will only show you campaigns that include a consent variable.


Requesting consent from inbound candidates

All forms now include a GDPR opt-in question allowing you to request consent from inbound candidates (for a quick re-cap on Forms, see our help article here). Ticking the GDPR opt-in box will enable the question. 

The Location field will also become required, to ensure you have this information in your database to track inbound candidates from EU locations for whom GDPR is relevant.


Once you tick the GDPR opt-in box, a GDPR opt-in section will appear. If you leave this section blank, the form will display the text set in your Compliance Settings (see above). You can also choose to overwrite any or all of the standard text in your settings for a particular form by typing into the relevant boxes.

This is what a candidate would see once passing the sign up page and continuing onto the form.


Tracking consent in your database

To help you track consent in your People Grid we have created two new fields:

  • Consent: this field displays whether a candidate has opted in or out.
  • Last Consented: this displays the time in days since the candidate has last opted in.

You can use the "Last Consented" field to filter candidates who have opted in a certain number of days ago. You can then archive and delete them if needed or anonymize them (which you can learn more about here).


Additional resources

Now that you have the tools to master GDPR, why not look at some of our expert advice on the best GDPR practices and everything you need to know for GDPR in recruiting? 

Download our Beamery Comply e-book and GDPR: The Complete Guide for Recruiting Teams e-book.