On May 25, 2018, the General Data Protection Regulation (GDPR) went into effect. It’s a legislation that gives residents of the European Union more control over their data. It applies to you if you deal with the personal data of EU citizens, even if your business does not have a physical presence in the EU.

Our GDPR Commitment

As your applicant tracking system, enlist is committed to help you meet your GDPR obligations. Over the past few months, we have made several changes to our products as well as our policies. In this article, we will give you a brief overview of the tools we now offer.

As a data controller

As a data controller, enlist stores your personal data. Here are the steps we have taken to be compliant with GDPR.

EU-U.S. Privacy Shield Compliant

Under the GDPR, transfers outside the EEA is not allowed unless there are adequate protections. Enlist has self-certified to the EU-U.S. Privacy Shield.

Updated Terms & Privacy Policies

We have updated our privacy policy to include more details about the kind of data we collect, how we use it, and the rights you have.

We have updated our services to start collecting explicit consent wherever applicable. In addition to that, you will have the option to withdraw your consent at any point in time.

Data Retention

To avoid retaining your personal and candidates’ data indefinitely, when you close your account with enlist, all your data is deleted from enlist within 14 days.

Data Portability

We have built tools to help you export all the candidates’ data in your account.

As a data processor

As a data processor, enlist helps you process candidates’ data. We have built several features to help you be compliant with GDPR. You can find an overview of what we've done here.

Questions? We're always here to help. Just drop us an email at