Compliance · GDPR
Erase the candidate.Keep the proof.
Talara was built so a GDPR erasure request can be honored in full without destroying your record of how decisions were made.
How does Talara handle GDPR?
Talara handles candidate data under GDPR end to end: a clear lawful basis, data minimization, encryption at rest, and candidate rights including access and erasure. The key design choice is a PII-safe audit log: it references resource identifiers, not personal data, so erasing a candidate removes their information while your proof of how decisions were made stays intact.
The erasure conflict, resolved
Most systems force a choice: keep an audit trail, or honor the right to be forgotten. Talara does not. Personal data lives in candidate records that can be erased; the audit log references those records by identifier, so erasure removes the person without leaving a hole in your decision history.
How candidate data is handled
- Lawful basis & minimization: Talara collects what a hiring decision needs and no more.
- Encryption at rest: sensitive candidate fields are encrypted in the database.
- Candidate rights: access and erasure requests are first-class, not manual favors.
- Tenant isolation: each customer’s data, including Tally’s memory, is isolated at the database layer.
Erasure that actually erases
When you honor an erasure request, the candidate’s personal data is removed. What remains is a de-identified record in the audit trail that proves a fair process was followed, with no personal data inside it. That is how Talara keeps both regulators and candidates satisfied at the same time.