Anonymization process accounts for grace period

You can now set the moment of anonymization with a customizable grace period. MSR-849 | May 2024

For whom is this feature?

For users who are responsible for the GDPR process.

Benefits for you as a user

  • Find the optimal balance between safeguarding the anonymization process and complying with the GDPR guidelines

Clarification of this new feature

A candidate can request the deletion of their personal data. This choice is recorded with the checkbox 'Deletion of personal data requested' and the date field 'Privacy statement rejected date'. Until now, the data in question would be anonymized immediately. 

The new field 'Grace period until anonymization (days)' in the custom settings, Privacy settings lets you postpone the moment of anonymization. The data will remain available for a while longer and are automatically deleted at the end of the grace period. Here's an example to explain how this works:

  • Someone requested the deletion of their personal data on 1 May 2024.
  • This choice is recorded on their personal card with the checkbox 'Deletion of personal data requested' and the date field 'Privacy statement rejected date’ is set to 01-05-2024.
  • The grace period is set to: 30 (days)
  • The personal data in question will be automatically anonymized on 31 May by the batch process ‘Execute for anonymize job'

    Note: it is still possible to immediately anonymize a person with the action button ‘Anonymize person’ on their personal card

In addition to adding this grace period, we have also made a change to the recording of personal data when a person gives or revokes their consent:

  1. Via the PrivacyReminder batch, you can send the person an email with two links to give or revoke their consent. Now, if the person clicks the link to revoke their consent, the date and time on which they originally gave their consent is reset. This functionality has been unavailable since release 2023-04 and has now been restored.
  2. You can also configure a Privacy Controller on the candidate and customer portal. A logged-in user can use this to renew or revoke their consent. The user's choice is now also logged. In the 'Privacy Statement Logging' field, the IP address is stored and the user's choice (accept or revoke) will result in a completed data and time field.


Other than defining the grace period (Setup, Custom settings, Privacy settings), no additional setup is required. The anonymize batch process automatically accounts for the set grace period.

🔗 Here you can find the key features from the May 2024 Release