Overview
This article helps you understand and use Access Volcanic's compliance tools to meet privacy regulations, manage data protection requirements, and handle compliance requests effectively.
๐Note: Access Volcanic provides tools to support compliance but does not provide legal advice. Always consult legal counsel for specific regulatory obligations.
Access Volcanic provides eight integrated compliance areas: user consent tracking, legal document management, data representative oversight, audit trail management, Right to be Forgotten requests, Subject Access Request requests, diversity question configuration, and automated data deletion.
Key benefits
Using Access Volcanic's compliance tools helps you:
Streamline regulatory compliance with automated workflows for GDPR, CCPA, and other privacy regulations.
Centralise data protection management through a single platform that handles consent, requests, and deletion processes.
Maintain comprehensive audit trails with detailed logging of all compliance actions and approvals.
Reduce manual workload by automating routine compliance tasks like inactive account deletion and request notifications.
Protect candidate privacy while meeting business needs through configurable consent and data collection options.
Respond quickly to regulatory requests with built-in workflows for Right to be Forgotten, Subject Access Request, and data export processes.
Ensure accountability with role-based permissions and Data Representative oversight for sensitive operations.
Support global compliance with region-specific diversity question settings and legal document management.
Before you start
Before using compliance tools, ensure you have:
Admin access to Access Volcanic with appropriate permissions for the tools you need to use.
Data Representative assigned - at least one Main Data Representative (typically your Data Protection Officer) must be configured to approve sensitive requests.
Legal guidance on compliance requirements specific to your business and the regions where you operate.
Internal policies established for handling GDPR requests, data retention, and privacy compliance.
Understanding of your data flows including any third-party integrations that may require separate compliance management.
๐ Note: Compliance requirements vary by jurisdiction and organisation. Always consult with legal professionals to ensure your specific obligations are met. Access Volcanic provides tools to support compliance but does not provide legal advice.
๐Note: Click on the link โค to expand the section you're interested in:
User compliance
User compliance
User compliance tools help you track candidate and admin consent, manage account deletion requests, and maintain GDPR compliance across your Access Volcanic website.
Accessing user compliance
Log in to the Admin Area.
Click the Your Website tab.
Under Compliance, select User Compliance.
You'll see a list of user consents with filtering options to help you review compliance activity.
Filtering user consent data
Use these filters to review user consent activity effectively:
Filter | Purpose |
Find by user name or email | Search for a specific user by name or email address. |
Consent Confirmed | View users who have accepted a legal document. |
Consent Not Confirmed | View users who haven't accepted a legal document (includes candidates and admin users). |
Date | Filter by date using the calendar widget. |
Viewing candidate consent history
To check a candidate's legal consent history:
Log in to the Admin Area.
Click the Roles tab.
Click the View icon next to Candidates.
Locate the candidate (use the search bar to filter by email).
Click the Edit icon next to the candidate.
Select the Legal Consents tab.
This shows you the documents the candidate has agreed to and the date and time of each consent.
๐คTip: Use the User Compliance section to track consents across all users rather than checking individual profiles.
User management for compliance
The User Compliance section connects to other compliance tools for managing user accounts:
Data deletion requests: Individual candidate deletion requests can be processed through the Data Deletion tool for GDPR compliance.
Admin user management: Admin accounts can be managed through the Roles section, with compliance tracking maintained in the audit trail.
๐ Note: Detailed instructions for account deletion, data management, and admin user controls are covered in their respective sections of this article.
Legal documents
Legal documents
Legal documents help you create, manage, and version your site's compliance policies such as Privacy Policy, Cookie Policy, and Terms & Conditions to meet regulatory requirements and provide transparency to users.
Accessing legal documents
Log in to your site's Admin Area.
Click the Your Website tab.
Under Compliance, select Legal Documents.
View the list of legal categories (such as Cookies, Privacy Policy).
Creating a new legal document
Access the legal documents section using the above steps.
Click the green + New button.
Complete the following fields:
Title: Add your policy name (such as Privacy Policy).
Content: Add the full policy text.
Agree message (optional): Add a short message which will be shown next to consent controls (such as I agree to the Privacy Policy).
Category: Select the policy type the document belongs to (such as Privacy Policy).
๐ Note: You can only have one active document per category at a time. To update a policy, you must create a new version.
Version: Set the version number. Use numeric or semantic versioning (such as 1.0, 2.0).
๐ Note: New versions prompt users to re-accept the policy.
Options: Choose your document options (see below for details).
Click Submit to publish.
Click the View (eye icon) to preview.
Understanding document options
Each setting controls how your policy is presented and accepted by users. This only applies to Volcanic platform-generated forms:
Option | Purpose |
Active | Makes the policy visible and available for acceptance. Inactive documents are hidden. |
Need Approval | Requires users to give explicit consent (checkbox or modal). If disabled, acceptance is implicit. |
Include in Forms | Adds the consent option to registration and application forms. |
Require Accept | Forces users to accept before submitting a form. Only appears when Include in Forms is active. |
Updating existing policies
If you need to update an existing legal document, you can either create a new document with an updated version, or edit the exisating document using the Admin area CMS.
โ ๏ธ Important: We recommend creating a new version for any material policy changes as this prompts candidates to re-accept next time they log in as well as preserving an audit trail.
Creating a new version (recommended)
Create a new document (using the steps above) under the same category.
Set a higher version (such as 1.1 โ 1.2).
Set it to Active to deactivate the previous version.
Users will be prompted to re-accept upon next login if Need Approval is enabled.
Editing existing documents (minor fixes only)
You can edit an active document for small fixes such as typos. A warning message will appear before proceeding. Click Ok to continue to edit the document via the Admin Area CMS.
How candidates interact with legal documents
Candidate visibility and required actions depend on your chosen settings:
On login: Candidates are prompted to re-accept updated policies if a new version is published and Need Approval is enabled.
On forms: If Include in Forms is enabled, candidates will see the policy during registration and application. Require Accept makes acceptance manditory.
Consent modes:
Implicit: No action required (used for informational policies like Cookies).
Explicit: Checkbox or modal must be accepted before proceeding.
๐คTip: The User Compliance area allows you to track who accepted which version of each policy and view acceptance status per candidate.
Data Representatives
Data Representatives
Data representatives are designated administrators responsible for managing GDPR-related requests and ensuring your website handles data in a compliant and secure manner.
Understanding data representative roles
A Data Representative centralises responsibility for handling sensitive data requests, ensures only authorised personnel can approve data exports or deletions, and minimises compliance risks while improving accountability.
Main Data Representative (DPO)
The Main Data Representative, usually your Data Protection Officer (DPO), has full access to the Audit Area where they can review and approve GDPR-related requests.
๐ Note: Only the Main DPO has permission to approve these requests and access the Audit Area.
Secondary Data Representatives
Secondary Data Representatives are backup admins who do not have access to the Audit Area or permission to approve requests unless promoted to Main DPO. They help ensure continuity but cannot manage compliance tasks directly.
Setting up Data Representatives
Nominating your first Data Representative
If your site hasn't had a Data Representative before:
Log in to the Admin Area.
Click the Your Website tab.
Click Data Representatives under the Compliance heading.
Click the green + New button.
Select the admin who will be your Data Representative.
Add their phone number.
Click Submit to save changes.
Replacing an existing Data Representative
Recommended approach - Data Representative reassigns their role:
If your main Data Representative is leaving, they should reassign their role before departure:
Access the Data Representatives area as shown above.
Ensure a second Data Representative is nominated using the steps above.
Find the Set as Main Data Representative icon next to the edit icon.
Click OK when prompted.
Alternative approach - admin changes Data Representative:
If your former main Data Representative is no longer available, another admin can replace them:
Access the Data Representatives area.
Click the edit icon next to the main Data Representative.
Use the dropdown to select another user or admin.
Update the phone number if needed.
Click Submit to save changes.
Enhancing workflows with email notifications
You can add direct approval links to notification emails to streamline the approval process.
To add approval links:
Go to the relevant email notification in Admin.
Click the orange {{link_to_complete}} token to copy it.
Paste {{link_to_complete}} into the Body field.
Click Submit to save the changes.
The {{link_to_complete}} token is a placeholder that generates a direct link to the specific request. The email will include this link that directs the Data Protection Officer to the specific request.
๐Note: The {{link_to_complete}} link only works when the Data Protection Officer is already logged into the Admin Area.
Audit Area
Audit Area
The Audit Area is the operational hub for GDPR request management and is only accessible to the Main Data Representative.
Accessing the Audit Area
Log in to the Admin Area of your website.
Go to Your Website.
Under Compliance, click Audit Area.
You'll see a list of GDPR and CSV requests with key information including:
Requester.
Created at.
Status.
Completed By.
Common statuses include Pending, Cancelled by user, and Approved.
Managing different request types
Right to be Forgotten (RTBF)
RTBF requests allow users to request erasure of their personal data. In the Audit area you can view the list of pending, cancelled and approved RTBF requests via the RTBF tab.
New or pending requests can be approved in the RTBF section.
๐ Note: The system provides the interface for review, but legal review and eligibility are determined by your internal policies.
Subject Access Requests (SAR)
SAR requests enable users to request access to their personal data. In the Audit area you can view the list of pending, cancelled and approved SAR requests via the SAR tab.
New or pending requests can be approved in the SAR section.
CSV Requests
CSV Requests require DPO oversight due to the sensitivity of exported data and can originate from different areas of the Admin Area.
CSV requests can be made for:
User CSVs from the Roles section (candidate data exports).
Job CSVs from the Jobs section (job listing data).
Application CSVs from the Applications section (application data).
How CSV requests are initiated
Administrators can request CSV exports by:
Navigating to the relevant section (Roles, Jobs, or Applications).
Clicking the Request CSV button.
The button changes to Cancel Request until approved.
A notification is sent to the Main Data Representative for approval.
Approving CSV requests in the Audit Area
To review and approve CSV requests:
In the Audit Area, click CSV Requests.
View lists of Pending, Completed, and In Progress requests.
Find the request in the list and click the edit icon.
Set the Hours of access for the CSV (recommended: short timeframes).
Click Approve.
The requester can then generate and download the CSV within the access window.
Email notifications for CSV approval
The Main Data Representative receives email notifications when CSV requests are submitted.
Email links can be enhanced using the {{link_to_complete}} token for direct approval access.
If email links redirect to the Dashboard, log in first then navigate manually to the Audit Area.
CSV generation and download process
After approval, the requester:
Returns to the original area where the request was made.
The Cancel Request button changes to Generate CSV.
Clicks Generate CSV (may take several minutes for large datasets).
Once ready, clicks Download CSV to export the file.
Data scope and limitations
CSV exports include all available fields for the selected data category.
For User CSVs: registration form fields, User ID, creation date, UTM sources, consent documents.
CSV files are static snapshots taken at generation time and do not update automatically.
Large datasets may take longer to process.
โ ๏ธ Important: The CSV is a snapshot and will not update during the access window. Avoid long access periods to prevent confusion over data freshness.
๐ Note: CSV exports only include data from Access Volcanic and do not affect or include data from third-party integrations.
RTBF Requests
RTBF Requests
Right to be Forgotten (RTBF) requests allow candidates to request deletion of their personal data directly through your Access Volcanic website, supporting your GDPR compliance with an auditable process.
Understanding RTBF requests
The Right to be Forgotten (RTBF), also known as the Right to Erasure, is a GDPR data protection right allowing individuals to request the deletion of their personal data. Access Volcanic provides a built-in RTBF feature so candidates can request deletion directly through their dashboard.
๐ Note: Access Volcanic provides tools to support your compliance but does not provide legal advice. Your organisation is responsible for maintaining compliance with data protection laws.
How candidates submit RTBF requests
Candidates can submit requests directly through their dashboard:
Log in to the candidate dashboard on your website.
In the dashboard sidebar, click Request RTBF.
Review the RTBF statement, name, and email address.
Click Submit to send the request.
Request lifecycle for candidates
An email notification is sent to your Main Data Representative.
Candidates can cancel the request before approval by clicking Cancel RTBF request from their dashboard.
If cancelled, no RTBF request appears in the Admin Area.
An email may still be sent at the time of request submission.
Approving RTBF requests
To approve RTBF requests in the Admin Area:
Log in to the Admin Area.
Go to Your Website.
Under Compliance, click RTBF.
Find the candidate request in the list.
Click the orange Approve button.
Confirm by clicking the blue OK button.
๐ Note: Once approved, all candidate data in Access Volcanic is permanently deleted and cannot be recovered.
โ ๏ธ Important: This deletion only applies to data stored within Volcanic. You must delete data from third-party tools or integrations separately (such as CRMs, ATS, or email marketing tools).
Configuring RTBF settings
Admins can customise the RTBF text displayed to candidates and control whether the feature is available:
Go to the RTBF requests section.
Click the green Settings button.
Configure the following options:
RTBF Title: Heading shown to candidates.
RTBF Text: Description of the request process.
Enabled: Untick to remove the Request RTBF button from the dashboard.
Click Submit to save changes.
๐คTip: Use clear, concise language to explain the impact of the RTBF request (such as removal of job alerts and application history).
Data deletion scope and limitations
When an RTBF request is approved:
All personal data stored in Access Volcanic for the candidate is deleted and cannot be recovered.
This deletion does not include data stored in external or third-party systems .
You must manually action deletion in those systems.
๐คTip: Maintain a checklist for integrated systems (like CRMs, marketing tools, or ATS platforms) to ensure all data is removed.
Notifications and permissions
The Main Data Representative receives email notifications when candidates submit RTBF requests.
Any admin with access can approve requests from the Admin Area.
Ensure the Main Data Representative's email address is correct and regularly monitored to avoid delays.
SAR Requests
SAR Requests
Subject Access Requests (SAR) allow candidates to request access to the personal data your organisation holds about them, supporting GDPR Right of Access compliance through your Access Volcanic website.
Understanding SAR requests
A Subject Access Request (SAR) is a formal request from an individual to access the personal data your organisation holds about them. This falls under the GDPR Right of Access, giving individuals the right to understand how their data is used and verify that it is processed lawfully.
Access Volcanic offers tools to help you log, track, and manage SARs through your website. However, it remains your organisation's responsibility to ensure SARs are handled in full legal compliance.
โ ๏ธ Important: Access Volcanic supports your compliance efforts but does not provide legal advice. Always consult your internal Data Protection Officer or legal counsel.
How candidates submit SAR requests
Candidates can initiate a SAR directly from their Candidate Dashboard:
Log in to their account on your website.
On the left-hand side near their profile details, click Request SAR.
Review their name, email, and the SAR statement.
Click Submit to send the request.
Request lifecycle for candidates
An email notification is sent to the Main Data Representative.
The Request SAR button changes to Cancel SAR request: candidates can cancel the request until it is approved.
Cancelled requests do not appear in the Admin Area, but still trigger an email notification.
Completing Subject Access Request requests
It is the Main Data Representative's responsibility to action the Subject Access Request according to your internal policies.
โ ๏ธ Important: Unlike Right to be Forgotten requests, Subject Access Request approvals do not trigger any automatic actions. The platform only logs and notifies the requests.
Admins must manually collect and share the requested data with the candidate in accordance with GDPR requirements.
๐ค Tip: Your organisation's Data Protection Officer should determine what data to include in the SAR response.
Approving SAR requests
Once completed, SARs can be reviewed and approved by admins or Data Representatives in the Admin Area:
Log in to the Admin Area.
Click the Your Website tab.
Under the Compliance section, click SAR.
Find the relevant request in the list.
Click the orange Approve button.
Confirm by clicking the blue OK button.
After approval, another email notification is sent to the Main Data Representative.
Configuring SAR settings
Admins can configure how SAR requests appear on the Candidate Dashboard:
Log in to the Admin Area.
Click the Your Website tab.
Under Compliance, click SAR.
Click the green Settings button.
Configure the following options:
SAR Title: The title shown to candidates.
SAR Text: The explanatory message displayed.
Enabled: Tick or untick to show or hide the SAR button.
Click Submit to save changes.
๐ Note: If disabled, the Request SAR option will not appear for candidates.
Diversity Questions Settings
Diversity Questions Settings
Configure diversity questions for job applicants to ensure compliance with local laws while feeding data into your Diversity Dashboard for recruitment reporting.
๐Learn more about Diversity Question Settings from our help guide.
Candidate Data Deletion
Candidate Data Deletion
Data deletion tools help you remove candidate accounts and personal data to maintain GDPR compliance, manage database quality, and respond to deletion requests.
Understanding data deletion
Access Volcanic allows administrators to delete candidate accounts and personal data directly from the Admin Area. This feature supports GDPR compliance by enabling the removal of candidate records upon request or automatically based on inactivity rules, ensuring your database remains accurate, relevant, and compliant with data protection obligations.
๐ Note: Always consult your Data Protection Officer or legal counsel before deleting user data.
Manual candidate deletion
Manual deletion removes individual candidate accounts from your website database but does not automatically remove all personal data if integrations are involved.
Log in to your site's Admin Area
Go to Roles
Click View Candidates
Search for the candidate by name or email address
Open the profile and delete the account
Bulk deletion of inactive candidates
The Data Deletion tool allows administrators to identify and delete inactive candidate accounts in bulk, improving database quality and supporting GDPR data-minimisation principles.
How bulk deletion works
The tool uses a defined inactivity rule to detect which candidate accounts have not logged in for a specific period (such as 90 days). Those accounts are then queued for deletion.
Steps to delete inactive candidates
Log in to your site's Admin Area.
Go to Your Website.
Under Compliance, click Data Deletion.
On the Candidate Data Deletion page, define the rule for inactive accounts by specifying the number of days since last login.
Click Review and Delete to preview the list of candidates meeting the criteria.
Click Delete Now.
Confirm by selecting Confirm Deletion.
Data deletion process and recovery
When you delete candidate accounts (either manually or through bulk deletion), the system performs a soft delete for the first 30 days:
During this period, deleted data can be recovered (potentially with a financial charge).
After 30 days, all data is permanently erased and cannot be restored.
Data scope
All personal data associated with the deleted candidate is removed, including:
Name and contact details.
CV, cover letter, portfolio, and uploaded files.
Form submissions and application details containing personal data.
๐ Note: Application data linked to deleted candidates will also have personal data removed.
Audit and compliance tracking
All deletion actions are recorded in the Compliance area of your Admin Dashboard, providing an auditable trail of data deletion activities showing:
โข The date and time of deletion โข The admin user who performed the deletion โข The number of accounts deleted
This history helps ensure transparency and traceability for compliance purposes.
Integration considerations
Deletion actions performed in Access Volcanic apply only to data within your website database.
Best Practices
Follow these guidelines to ensure effective compliance management and maintain regulatory adherence:
Assign at least one Main Data Representative and one Secondary for continuity.
Regularly review and update legal documents when policies change.
Use new document versions to trigger re-acceptance when content materially changes.
Monitor the Audit Area regularly and respond to requests promptly.
Set short access windows for CSV downloads to reduce security risks.
Maintain internal documentation for RTBF and SAR processing procedures.
Review user compliance reports to identify patterns in consent and data collection.
Train admin users on the permanent nature of data deletion and RTBF approvals.
Keep Data Representative email addresses current and monitored for notifications.
Configure diversity questions appropriately for each region where you recruit.
Remember that compliance actions in Access Volcanic only affect data within the platform: connected systems like ATS platforms, CRMs, and marketing tools require separate compliance management.
Establish regular reviews of compliance settings, Data Representative assignments, and legal document versions to ensure they remain current and effective.
Ensure all admin users understand the compliance tools they have access to and the implications of actions like data deletion and request approvals.
โ ๏ธ Important: Access Volcanic provides tools to support compliance but does not provide legal advice. Your organisation remains responsible for determining and maintaining compliance with applicable laws. Always consult with legal professionals for guidance on your specific regulatory obligations and compliance requirements.
FAQs
Q1: Why can't I access the Audit Area or approve compliance requests?
Answer: Only the Main Data Representative has access to the Audit Area and permission to approve GDPR requests. Check if your admin account is assigned as the Main Data Representative in the compliance settings.
Q2: Can I undo a Right to be Forgotten request once it's approved?
Answer: No, RTBF approvals result in permanent data deletion that cannot be reversed within Access Volcanic. Always follow your organisation's verification procedures before approving these requests.
Q3: Does deleting data from Access Volcanic remove it from third-party systems?
Answer: No, compliance actions in Access Volcanic only affect data within the platform. You must separately manage data deletion in connected systems like ATS platforms, CRMs, and marketing tools.
Q4: Can candidates cancel their GDPR requests after submitting them?
Answer: Yes, candidates can cancel both RTBF and SAR requests before they are approved by an admin. Cancelled requests don't appear in the Admin Area but may still trigger initial email notifications.
Q5: How do I add more than one legal document to a category?
Answer: You can only have one active document per category. To update a policy, create a new version with a higher version number and set it to active, which will automatically deactivate the previous version.
Q6: Why aren't candidates seeing consent options on forms?
Answer: Ensure that Include in Forms is enabled in your legal document settings. This option only applies to Access Volcanic platform-generated forms, not external or custom forms.
Q7: How is an "inactive" candidate account defined?
Answer: Inactivity is based on the last login date. For example, if you set inactivity to 90 days, any candidate who hasn't logged in for 90 days or more will be flagged for bulk deletion.
Q8: Can I recover deleted candidate data?
Answer: Yes, within 30 days of deletion through the soft delete system. Data recovery may incur a financial charge. After 30 days, data is permanently erased and cannot be restored.
Q9: Why doesn't the email approval link work for Data Representatives?
Answer: The approval link only works when the Data Representative is already logged into the Admin Area. Log in first, then click the email link, or navigate manually to the Audit Area.
Q10: Does Access Volcanic automatically send SAR data to candidates?
Answer: No, Access Volcanic only logs and tracks SAR requests. The Main Data Representative must manually collect and provide the requested data to candidates according to your internal policies and GDPR requirements.
Q11: When should I use "Require Accept" for legal documents?
Answer: Only use "Require Accept" when form submission must be legally blocked without consent, such as for Terms of Use. Avoid using it unless legally necessary to prevent user friction.
Q12: Why does my CSV data seem outdated?
Answer: CSV exports are static snapshots taken at generation time and don't update automatically. If you need current data, request a new CSV export rather than using an existing file.
Q13: Who receives notifications when compliance requests are submitted?
Answer: The Main Data Representative receives email notifications for RTBF, SAR, and CSV requests. Ensure their email address is current and regularly monitored to avoid delays in processing requests.
Q14: What happens if a candidate submits multiple RTBF or SAR requests?
Answer: Each request is processed individually through the Audit Area. If a candidate submits duplicate requests, you can review them separately and follow your internal procedures for handling multiple requests from the same individual.
Q15: How do I prove to auditors that we're handling compliance requests properly?
Answer: All compliance actions are automatically logged in the Audit Area, showing the date and time of requests, who processed them, and completion status. This provides a complete audit trail for regulatory compliance purposes.
Q17: How do I assign someone as the Main Data Representative for the first time?
Answer: Go to Your Website > Compliance > Data Representatives, click the + New button, select the admin who will be your Data Representative, add their phone number, and click Submit to save changes.
Q18: Can I change who the Main Data Representative is?
Answer: Yes. The current Main Data Representative can reassign their role by ensuring a second Data Representative is nominated, then clicking the Set as Main Data Representative icon next to another Data Representative. Alternatively, another admin can edit the main Data Representative and select a different user from the dropdown.
Q21: What should I do if I receive a compliance request for someone who isn't in our system?
Answer: This commonly happens when candidates cancel their request after submitting it, or when another admin has already processed the request before the Data Representative could access it. Check if the request appears in the Audit Area with a "cancelled" or "completed" status. If you can't find any trace of the person or request and have concerns, contact support for assistance.
Q22: How do I handle compliance for candidates who applied through job boards or external sites?
Answer: Data from integrations is typically held within those external systems (such as PeopleXD or Bullhorn), so you'll need to use the compliance tools provided by those platforms. You can use CSV exports from Access Volcanic to see which candidate data was sent to third-party systems, but compliance actions must be handled separately in each external platform.
Q23: What compliance data syncs with our ATS?
Answer: No compliance data syncs with third-party ATS platforms. While candidate application data may be sent from Access Volcanic to your ATS during the application process, compliance actions like RTBF or SAR requests must be handled separately in each system.
Q24: Why might candidates not be able to submit RTBF or SAR requests?
Answer: Check that the features are enabled in your settings. Go to Admin Area > Compliance > RTBF or SAR, click the Settings button, and ensure the Enabled option is ticked with appropriate title and text. If the options still don't appear for candidates, contact support.
Q25: What happens if the Main Data Representative's email stops working?
Answer: First, verify the email address is correct in the Data Representatives settings. Check if emails are going to spam or being quarantined. You can confirm requests are still coming through by checking the Audit Area. If emails have stopped entirely without any changes, contact support for assistance.
Q26: How do candidates know their compliance request has been processed?
Answer: Candidates receive email notifications when their requests are submitted and completed, depending on your notification settings.
Q27: Can I preview what candidates see when they submit compliance requests?
Answer: Create a test candidate account to view the candidate dashboard where RTBF and SAR requests are submitted. There's no preview option available in the Admin Area.
Q28: Do I need to configure all compliance tools, or can I enable only the ones I need?
Answer: All compliance tools are automatically available. You can choose which ones to enable based on your requirementsโyou don't need to configure tools you don't plan to use.