GDPR Compliance settings

Configure DPA activation, consent forms, data-request forms, and preferences from the GDPR Compliance page.

Where to manage

Settings → Compliance.

Page header: GDPR Compliance. Subtitle: "Manage personal data processing and GDPR compliance settings".

Activating GDPR (Data Processing Agreement)

Before the GDPR module is fully active for your workspace, you must activate the Data Processing Agreement. The page shows a dedicated activation step with the modal title "Data Processing Agreement" and a primary button "Activate GDPR".

Once activated, the four configuration tabs appear and the per-candidate Data Privacy tab becomes available across CVViZ.

1. Overview

Summary view of your workspace's GDPR posture — request counts, consent counts, and high-level status.

2. Preferences

Workspace-level preferences for how compliance flows behave (request handling defaults, notification preferences for compliance officers, etc.).

The consent text candidates see when applying. Stored in the form's consentForm field. This is the candidate-facing copy that explains what you'll do with their personal data.

4. Data Request Form

The form candidates use to submit subject-data requests (Access, Delete, Rectification, Erase, Stop Processing). Configure the candidate-facing fields and instructions.

Per-candidate Data Privacy actions

Once GDPR is active, every candidate gets a Data Privacy tab showing:

  • Their consent state (Pending, Withdrawn, Offered, Not Offered).
  • Submitted data requests by type (Access, Delete, Rectification, Erase, Stop Processing).
  • Stop Processing and Delete actions.

See GDPR and compliance in the Candidates collection for the per-candidate flows.

Aggregate counts

The compliance model surfaces request and consent counts:

  • Access requests — total, new.
  • Delete requests — total, new.
  • Rectification requests — total, new.
  • Erase requests — total, new.
  • Stop Processing requests — total, new.
  • Consent: Pending, Withdrawn, Offered, Not Offered.

Permissions

The Compliance settings page typically requires admin access. The per-candidate Data Privacy tab is visible whenever GDPR is active for the workspace.

Tips

  • Have your DPO / legal team review the Consent Form text before activating.
  • Use the Data Request Form to direct candidates to a structured submission rather than ad-hoc emails.
  • Review the Overview tab monthly to catch backlogs of pending requests.