Secure data processing with StepStone QuickApply

In addition to enabling you to offer good employer branding more easily, an online application system is an invaluable aid in ensuring that you comply with the General Data Protection Regulation.

Handling data is safe, easy and readily accessible for recruitment purposes when you use StepStone QuickApply. On this page you can read our most frequently asked questions and answers about using the StepStone QuickApply system.


StepStone saves application documents for one year after the case has been closed. For recruitment cases which fall under Swedish law, we will save the application documents for two years in accordance with the right of appeal under the Swedish Discrimination Act.

You will have access to CVs and applications while your job ad is online at, and for 90 days after the application deadline for the job ad.

One of two things might have happened. Either the candidate withdrew their application or the candidate requested that their data be erased.

Candidates can opt to erase applications that they have submitted at any time. When this happens, the application will be removed from the system. The same applies if a candidate sends StepStone a “request for deletion”. The General Data Protection Regulation grants everyone the right to be “forgotten”, meaning that all of the information about the candidate must be erased.

Yes, you may save application documents for the people you choose to hire. If you have copied/downloaded information about other candidates, we recommend that you delete this information. If you opt to save the information, you will be the independent data controller for this data, and must therefore comply with the laws that apply. This means that you must ensure that you have a legitimate reason to save the data and that you obtain the candidate’s consent, for example. Read more in the the Danish Data Protection Agency’s Guide on the Rights of Registered Individuals.

For security reasons, you should not share your login credentials with others. We recommend granting individual access to co-workers that need to be brought in for the recruitment process.

You can grant your co-workers access to StepStone QuickApply under the menu item “Administer access”.

If the person you would like to add is not on the list, you can create and add the person by entering the email address.

We do NOT recommend downloading data from StepStone QuickApply and sharing it via email. Instead, we have made a function in StepStone QuickApply which allows you to securely share applications with co-workers—without requiring your co-workers to log into the StepStone QuickApply system.

The “Share selected applications by email” function sends an email with a link to the candidate’s application documents. The link will expire automatically.

No, unfortunately. An online application system alone is not enough to be 100 % compliant with the GDPR. Since data (e.g. applications and CVs) can be retrieved from the system, every company should also ensure it has a personal data protection policy which its employees comply with.

Additionally, it is generally a good idea to make sure that your employees do NOT save documents locally, print attachments, copy information from other documents, etc.

In our “Terms and Privacy Policy”, we inform the candidate of whom we disclose their data to, when the data will be erased and the candidate’s right to access their personal data and have it erased. In our application system, we inform the candidate of the purpose of processing their personal data on the application form itself, and the candidate gives their consent to have their personal data processed.

StepStone conducts clear-cut internal procures for how we uphold the rights of registered individuals, observe legal requirements and update our systems so that we can, for example, provide access to or delete personal data quickly.

StepStone has a number of security measures in order to protect the confidentiality, accessibility and integrity of personal data. We keep a log, among other things, of who has viewed the candidates’ applications, as well as what personal data has been accessed. You can read more about this here in our information security policy.