Gem should not be acting as legal counsel for our customers, so any advice or guidance that we give should be framed as examples of what we have seen other customers implement. Please direct them to their own lawyers for advice on how to manage consent in their role as the data controller for the candidate data in their Gem accounts.
Ideally, the following would be shared on a call as opposed to in writing, but the following is what we can share with customers who ask:
Some customers have added a specific footer to their sequence emails or a separate sequence stage requesting consent from the candidate, when they are sourcing EU candidates, which includes a link to their privacy policy. This has the added benefit of also establishing a cadence for refreshing that consent if the candidate doesn’t immediately move forward into a hiring funnel. As the data controller for all candidate data in your Gem instance, your own interpretation of your requirements under GDPR should dictate any additional workflows you build when you integrate Gem into your recruiting processes.