Software usage and the processing of user data have increased exponentially over the years, and so has the importance of data privacy. Our organization's goal is to have safeguards in place to ensure data is protected and that users aren't subjected to uninvited surveillance. Businesses today are often at risk of unintentionally violating data privacy regulations because they don't have sufficient compliance measures to protect data and stay compliant.
Our data retention goals at Lever focused on reducing the likelihood of data-retention-related fines for our customers with a global presence, reducing time spent finding candidates whose retention period is expiring, and increasing the number of data retention locations active per enterprise customer.
The initiative produced almost $2MM in revenue retention during the MVP alone.
GDPR stands for General Data Protection Regulation. The objective of the GDPR is to ensure the protection of personal information through a human rights-centric approach and to allow secure transfer of personal information within and across jurisdictions. At present, the GDPR is considered to be one of the best global practices in the data protection and privacy legal landscape.
Software usage and the processing of user data have increased exponentially over the years, and so has the importance of data privacy. Data is an important asset, and can be big business in today's digital economy. An organization's goal is to have safeguards in place to ensure data is protected and that users aren't subjected to uninvited surveillance. Businesses today are often at risk of unintentionally violating data privacy regulations because they don't have sufficient compliance measures to protect data and stay compliant.
GDPR follows 7 core principles. At the time, Lever did not fully enable customers to maintain applicant data, which often resulted in fines for larger EU customers. The project was previously owned by Renee M, Lever's design manager, but due to her departure, as well as a shifting focus onto Effex investments, it was handed to me.
Our discovery required extensive research on GDPR laws and best practices within our customers' jurisdictions so we could approach our problem-solving phase with a clear and empathetic understanding of customers' GDPR concerns and frustrations.
Our research goals were to learn what functionality was most important to our customers when maintaining their applicants' GDPR data, validate our use case for data retention by job location (localization prioritization), and gain insight into our customers' concerns with Lever's current GDPR model.
Lever's enterprise and strategic customers were found to have multiple job locations around the world. Users wanted to separate compliance sections by collection, retention, and anonymization. Due to their global presence, we quickly realized that including data retention by job location was a necessity.
For phase 1, we focused on Lever's enterprise and strategic customer base. Customer success managers provided insights from customers that tied back to ongoing company-wide initiatives for preventing churn and improving conversion in our enterprise funnel, which we knew at the time was directly correlated to GDPR concerns.
We focused on enabling our users in the areas they described. We built a management portal within settings for customers to manage their compliance based on collection, retention, and anonymization, enabling flexibility in each category versus our previous model, where categories were grouped with globally applied rules. Additionally, we added data retention by job location.
Scalable compliance settings: The existing compliance (i.e., GDPR) page is not scalable enough for Lever to support multiple regulations. Lever will continue to add more regulations from around the world, which can hinder the performance and usability of the existing page. Building a scalable settings page will help Lever reduce the product, design, and engineering effort needed to add new regulations and compliance capabilities to the page.
Localization of data retention: Lever's enterprise and strategic customers have multiple job locations around the world. Due to this global presence, our customers have to comply with local data privacy regulations governing how long they can retain data. It is extremely risky for our customers to retain data beyond its retention period. It can lead to a significant penalty from a regulatory body if they are subject to a compliance audit.
After initial interviews with customers, the key takeaways on features required for customer data retention settings involved the following changes:
The finalized designs offered customers a brand-new portal to manage their data retention, collection, and anonymization settings. Our approach was flexible and dynamic, offering customers in multiple locations a consistent and seamless experience regardless of the number of jurisdictions an org may contain.
Every company will have different preferences on how they want to comply with the new General Data Protection Regulation. A key piece of enabling our customers was customization and choice; users needed the ability to choose their preferences for data collection and retention at a country or location level. Country allows users to apply the same set of GDPR compliance rules to all office locations within that country, while location allows customers to get as granular as they want with configuration, segmented by region, city, or jurisdiction (for European-based countries).
Retention settings were made up of a "lawful basis", which defines how organizations chose to store and contact candidates within an active pipeline. An active pipeline in this context just means candidates who have applied to active job openings at that company. Employers set their basis for how long they'd store a candidate's data after an opportunity has closed (otherwise seen in the design as candidate interest), where companies choose to store data regardless of user consent, lawfully, as it adheres to their localization policies.
Additionally, the anonymization settings gave our customers the ability to select individual fields they wished to keep versus anonymize once candidate data has expired. Anonymizing opportunities in Lever allows you to remove a candidate's personal information based on the parameters you outline below in order to fall in line with local data compliance regulations. What you choose to keep can be used for recruiting-related reporting needs.
In addition to setting parameters to remove candidate data, at which point it becomes unrecoverable, organizations can store candidate data within their system, such as email, as hashed instances, which store the candidate email in a hashed, unreadable format to securely identify them in the future.
Lastly, we gave our customers the ability to search and bulk-anonymize candidates in addition to customizing parameters for auto-anonymizing candidate data after a set period of time.
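The location-level retention, field-level anonymization, and hashed-email behaviour described above can be shown together in code. This is an added example, not Lever's code. The rule table, field names, sample records, and the use of HMAC-SHA256 with a secret key for the email hash are all assumptions, since the page does not say which hash is used.

```python
import hashlib
import hmac
from datetime import date, timedelta

# Constructed rules: retention days after an opportunity closes, keyed by
# (country, location); a location of None is the country-wide default.
RETENTION_DAYS = {
    ("DE", None): 180,
    ("DE", "Berlin"): 90,
    ("FR", None): 730,
}
KEEP_FIELDS = {"job_location", "stage_reached", "closed_on"}  # kept for reporting
EMAIL_KEY = b"constructed-demo-key"  # assumption: secret held outside the candidate store

def retention_days(country, location):
    """Most specific rule wins: location override, then country default."""
    return RETENTION_DAYS.get((country, location), RETENTION_DAYS[(country, None)])

def is_expired(candidate, today):
    """True once the retention period for the candidate's job location has passed."""
    country, location = candidate["job_location"]
    limit = timedelta(days=retention_days(country, location))
    return today > candidate["closed_on"] + limit

def email_token(email):
    """Keyed hash of the normalized address: unreadable, but repeatable."""
    normalized = email.strip().lower().encode("utf-8")
    return hmac.new(EMAIL_KEY, normalized, hashlib.sha256).hexdigest()

def anonymize(candidate):
    """Drop every field not marked to keep; retain only the email token."""
    kept = {k: v for k, v in candidate.items() if k in KEEP_FIELDS}
    kept["email_hash"] = email_token(candidate["email"])
    return kept

def sweep(candidates, today):
    """Auto-anonymize expired records and leave the rest untouched."""
    return [anonymize(c) if is_expired(c, today) else c for c in candidates]

CANDIDATES = [  # constructed sample records
    {"name": "A. Example", "email": "A.Example@example.com",
     "job_location": ("DE", "Berlin"), "stage_reached": "onsite",
     "closed_on": date(2024, 1, 10)},
    {"name": "B. Sample", "email": "b.sample@example.com",
     "job_location": ("DE", "Munich"), "stage_reached": "screen",
     "closed_on": date(2024, 1, 10)},
]
```

Because the token is keyed and computed over a normalized address, a returning candidate's email maps to the same `email_hash` without the stored record ever containing the address itself.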