Overview:
Stafio.ai is built with data privacy in mind, providing the necessary tools to help you comply with regulations like the General Data Protection Regulation (GDPR). However, compliance is a shared responsibility. This article answers some of the most frequently asked questions about GDPR and provides guidance on how your manual actions within Stafio.ai can help you meet your legal obligations. Please note that this article is for informational purposes only and is not a substitute for legal advice. For specific compliance questions, you should consult with legal counsel.
1. What is GDPR?
- The General Data Protection Regulation (GDPR) is a comprehensive data privacy law that gives individuals in the European Union (EU) and European Economic Area (EEA) more control over their personal data. It sets strict guidelines for how personal data is collected, processed, and stored by organizations.
2. Does Stafio.ai help me comply with GDPR?
- Yes, the platform provides the tools to enable your compliance. Stafio.ai offers features such as:
- Secure Data Storage: All candidate data is stored securely using encryption.
- Manual Deletion and Export: You have the ability to manually delete a candidate's profile or export their data upon request, fulfilling key "Right to Erasure" and "Right to Access" requirements.
- Consent Management: The platform provides fields and functionalities to track and manage a candidate's explicit consent for data processing.
- Your Manual Responsibility: While the tools are in place, it is your responsibility to use them correctly. You must ensure you have a legal basis (e.g., consent) to process data, and you must act on a candidate's rights requests in a timely manner.
3. What is "Explicit Consent" and how do I manage it?
- Definition: Explicit consent means that a candidate has given you a clear, affirmative, and unambiguous indication of their agreement to their data being processed. For example, a candidate checking a box that states, "I consent to the storage of my data for future job opportunities," is considered explicit consent.
- Manual Management in Stafio.ai: You can manually track consent on a candidate's profile. The platform provides a field or a checkbox specifically for this purpose. It is a best practice to document when and how consent was obtained.
4. What is a "Data Subject Access Request" (DSAR)?
- Definition: A DSAR is a request from a candidate to know what personal data you hold about them, why you are holding it, and who it has been disclosed to.
- Your Action: If a candidate makes a DSAR, you can fulfill this request by navigating to their profile and using the manual "Export" or "Download Data" feature. This generates a file containing all the data associated with their profile that you can provide to them.
5. What is the "Right to Erasure" (or "Right to be Forgotten")?
- Definition: The Right to Erasure gives a candidate the right to have their personal data erased from your system without undue delay, under certain circumstances.
- Your Action: If a candidate invokes their Right to Erasure, you must manually delete their profile from the Stafio.ai system. The platform's deletion functionality is designed to permanently remove their data in a secure and compliant manner. You should also ensure that you have no other legal basis for retaining their data.
6. Troubleshooting & Tips:
Issue: I'm unsure if I have the right to hold a candidate's data.
Suggested Fix: Review the original source of the candidate's application to confirm that you have documented consent. If you can't find it, consider manually reaching out to the candidate to obtain their consent.
Issue: I can't find a way to manually delete a candidate's profile.
Suggested Fix: The delete function may be restricted to users with Admin permissions. If you are not an administrator, you must manually forward the request to an admin in your organization.
Issue: A candidate is asking for data in a specific format.
Suggested Fix: The manual export feature typically generates a standard file format (e.g., CSV, JSON). If the candidate requires a different format, you may need to manually reformat the data after exporting it.