GDPR Campaigns

This guide provides an understanding of how to utilize Bullhorn Automation to manage and streamline GDPR processes. The setup of GDPR automation can be complex. This article covers a common approach for automating many key steps, which includes some new automations and lists linked to those automations.

This is not legal advice. Consult with GDPR professionals for comprehensive strategy development.

Getting Started

Consent Module

To use Bullhorn Automation for GDPR compliance, set up the Consent Module within Bullhorn ATS and Bullhorn Automation. For more information, visit Bullhorn ATS Opt-In and Consent Management. If the Consent Module is not enabled, log a support case to get it activated.

Automations

The following are the recommended automations.

Inform and Gather Consent

This automation informs new and existing contacts about the possession of their data, the data sharing policy, and gathers their consent. The Request Candidate Consent - GDPR Blueprint Automation can be used to request consent from candidates and contacts who have no stored consent in the Bullhorn Consent Module from the past four years. This sends existing and new clients a short survey that saves their responses to the consent module in the ATS.

Review and tweak the automation steps and wording as needed.

Although this automation utilizes a Candidate based Survey for both Candidates and Sales Contacts, it is not recommended to use a Candidate based Survey for Sales Contacts in any other context. There are certain limitations this could cause outside the parameters of the gathering consent use case.

Consent Given

Bullhorn Automation stores the contact's answers in the Consent Module. Take further action on these records, such as including them in email campaigns and updating their consent status based on your internal process.

Consent Revoked

When consent is revoked, Bullhorn Automation updates the Consent Module. A lack of response can also be considered consent revoked.

Lists

Inform and Gather Consent List

Within the Request Candidate Consent - GDPR Blueprint Automation, the List encompasses all records that have no Consent stored to the Consent Module for the past 4 years. This means the List will encompass both net new records, and existing records that have no consent or the consent has expired.

Depending on existing processes, adjustments may be needed to include only new records. Alternatively, if consent is gathered via a different method when records are added to the ATS, it may be preferable to target only existing records where consent has expired. In both cases, adding a "Date added" criteria would be relevant. Some clients also include the source of the candidate as a criterion, as permissions and messaging may differ depending on where the candidates were found.

Consent Given List

There are numerous ways to use consent once it has been given. It may be desirable to thank the contact for giving consent after they complete the survey. To do this, combine the "Given Consent" values with the "Taken Engagement" criteria.

Example:

Depending on internal processes, criteria can be added to campaign lists to ensure emails are only sent to contacts who have given consent.

Example:

Consent Not Given List

There are numerous ways to use consent once it has been revoked. If only one option is given to contacts, one list would be needed to take action on those records. Most clients will send an email acknowledging the consent removal, then use an update step to archive the record, along with a step to opt them out of receiving further emails.

When a record is opted out, their email address is opted out, ensuring that a duplicate contact with the same email address is not accidentally emailed.

This List could look like this:

If multiple options for consent are available, some contacts may revoke consent for all purposes. Each consent purpose will need to be included in a separate condition group to identify those records.

Example:

When there are multiple options for consent some contacts may revoke consent for some purposes, but not all.

Ensure those records are suppressed from the relevant campaigns.For example, contacts may be interested in recruiting information but not newsletters. Use the criteria in a Suppression list.

Example:

Review this article for more information about Suppression Lists.

Surveys

Surveys represent a powerful tool for automating GDPR processes. They offer contacts the opportunity to choose their consent preferences, which can then be updated in your Bullhorn ATS consent module, ensuring consistency across platforms.

The survey included in our 'Request Candidate Consent - GDPR' Blueprint Automation is configured to save contacts' answers back to the ATS Consent Module. This setup would require review and adjustment to align with your specific business processes.

A basic example of a GDPR survey can be seen below, specifically asking contacts to differentiate consent for legitimate recruiting practices, versus newsletters or email marketing.