Company
Lever
Industry
ATS, B2C SaaS, Recruitment CRM
Timeline
6 months
Tools
Figma, Zoom, JIRA

Lever: Self-Serve GDPR Compliance Portal Protecting Over $2M in Revenue

Summary

I led UX design for Lever’s first self-serve GDPR compliance portal, enabling enterprise customers to manage data privacy at scale. This work transformed compliance from a manual, support-driven burden into a transparent, productized experience that reduced legal risk, improved customer trust, and protected $1–2M in retention revenue.

Focus: Privacy, governance, and retention

Role & Scope

Title: Lead / Staff Product Designer, Core Platform

I led the end-to-end design, from research and mapping to final UX and system rollout, translating complex legal, technical, and user needs into a scalable solution.

Design Challenge

Design a self-serve compliance experience that’s legally sound, technically secure, and usable by non-technical admins, making compliance management as approachable as any other workflow in Lever.

Context

The General Data Protection Regulation (GDPR) reshaped global data privacy expectations. For enterprise clients, compliance wasn’t optional — it was a core renewal requirement tied directly to legal risk, procurement reviews, and platform trust.

Lever’s existing process relied on manual support and engineering intervention for deletion requests, retention policies, and audit confirmations. This approach slowed compliance workflows, created legal exposure, and weakened renewal confidence.

To meet growing enterprise demands, we built Lever’s first self-serve GDPR compliance portal — a centralized experience empowering customers to define, monitor, and automate privacy settings independently.

Key Responsibilities

  • Mapped backend data structures to visualize how candidate data moved across features and third-party tools
  • Defined role-based access controls to limit sensitive operations like export or deletion
  • Designed friction-informed UX patterns for high-risk actions (multi-step confirmations, warnings, success verification)
  • Created dashboards for compliance visibility and audit logging
  • Collaborated with Legal, Product, and Engineering to align regional compliance across the EU, UK, and Canada

Cross-Functional Partners

  • Engineering: technical feasibility & enforcement logic
  • Security: compliance, risk thresholds
  • Customer success: renewal insights & ticket triage
  • Sales: deal blockers & procurement requirements
  • Legal: privacy & data exposure policy alignment

Problem Details

Enterprise customers needed visibility and control over candidate data without relying on Lever’s support or engineering teams. The absence of scalable governance introduced both business risk and customer frustration.

Pain Points

  • Manual support tickets for every deletion or export request
  • No centralized dashboard for retention policies or compliance status
  • Legal and IT reviewers lacked transparency for audits and renewals

We needed to transform GDPR compliance into a seamless, self-managed product experience that balances legal rigor with usability.

Why It Mattered

Compliance wasn’t just a check-the-box feature; it was a contractual necessity. Large accounts paused renewals or demanded custom agreements until Lever could demonstrate secure, automated governance. By productizing compliance, we could reduce support load, de-risk renewals, and strengthen trust during procurement reviews.

Goals

  • Empower customers to manage privacy and data retention autonomously
  • Establish scalable UX patterns for privacy, governance, and auditability
  • Ensure region-specific compliance logic (EU, UK, CA)
  • Reduce support intervention for sensitive workflows
  • Meet enterprise renewal and audit expectations to protect revenue

Previous Designs

Data Retention by Location

  • Customers cannot configure multiple retention periods by hiring location, as required by local data regulations. This forces manual cleanup per region, introducing operational inefficiency and compliance risk.
  • Customers cannot automatically anonymize candidate data by local regulation, limiting scalability as their candidate pool grows.
  • Customers cannot define legal basis dynamically by how a candidate was created in Lever. Relying on static consent requires manual follow-ups to stay compliant with regional laws.

Policy Configuration

  • Customers want to proactively prevent consent from lapsing to maintain a healthy, compliant talent database. However, sending consent refresh links manually is cumbersome and time-consuming.
  • Customers lack a simple way to identify candidates who need anonymization, consent renewal, or retention extensions, creating regulatory risk, especially for organizations managing large candidate volumes.

Anonymization Capabilities

  • By attribute: Customers cannot choose which data fields to anonymize. They need the ability to remove sensitive PII while retaining key data for analytics or historical reference.
  • By location: Customers cannot define when anonymization should occur automatically versus manually. This limits their ability to scale compliant data practices as hiring volume increases.

Strategy

I framed the design around three guiding principles: clarity, control, and confidence.

  1. Map the system: Visualized candidate data flows across product features and external tools to surface where governance needed to intervene.
  2. Design for permission & safety: Applied RBAC rules to prevent unauthorized data actions.
  3. Friction-informed UX: Added multi-step confirmations, inline warnings, and post-action verification to ensure safe execution.
  4. Localize & scale: Built a framework to support region-specific retention timelines within one global dashboard.
  5. Validate cross-functionally: Partnered with Legal and Security to verify GDPR alignment and data flow accuracy.

Communicating Systems Thinking

An example of how I articulate design rationale for information architecture and page structure — walking partners through the mental model behind the proposed layout to clarify the decisions driving hierarchy and interaction. These walkthroughs help highlight:

  • Spatial hierarchy and orientation (“Where I am,” “What I’m doing,” etc.)
  • How hierarchy cascades from navigation → task → sub-context
  • How focus areas are visually delineated and labeled
  • How decisions scale across levels of interaction

Solution

A self-serve GDPR compliance portal integrated into the Lever platform, giving customers direct control over their data governance lifecycle.

  • Configurable data retention policies: Define default deletion windows (e.g., 180 days post-rejection) by role, region, or stage.
  • Localized compliance controls: Apply EU, UK, or CA-specific rules within a unified dashboard.
  • Automated deletion workflows: Trigger privacy actions based on candidate status to eliminate manual requests.
  • Role-based access safeguards: Restrict high-risk tasks like export or deletion to authorized users only.
  • Audit logs & transparency dashboards: Track and verify all privacy operations with downloadable records for legal review.
  • Friction-informed UI patterns: Layered confirmations, inline alerts, and success summaries for irreversible actions.
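To make the retention, anonymization, RBAC, and audit behaviour above concrete, here is an added Python example (illustrative code, not Lever's own implementation) of a region-aware retention sweep that anonymizes only PII attributes, refuses the action for unauthorized roles, and records every attempt in an audit log. The regions, retention windows, field list, and role names are constructed assumptions for the example.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Constructed per-region retention windows in days after rejection (illustrative,
# not Lever's real settings); each candidate is judged by their hiring location.
RETENTION_DAYS = {"EU": 180, "UK": 180, "CA": 365}
# Constructed attribute policy: only these fields are scrubbed; everything else
# (stage, source, dates) is retained for analytics and historical reference.
PII_FIELDS = {"name", "email", "phone"}
# Constructed RBAC: only these roles may trigger irreversible privacy actions.
ROLE_PERMISSIONS = {"admin": {"anonymize", "export"},
                    "system": {"anonymize"},
                    "recruiter": set()}

@dataclass
class Candidate:
    cid: str
    region: str
    status: str                  # e.g. "active" or "rejected"
    rejected_on: Optional[date]
    data: dict

def is_due(c: Candidate, today: date) -> bool:
    """A candidate is due once the region's window has elapsed since rejection."""
    if c.status != "rejected" or c.rejected_on is None:
        return False
    return today - c.rejected_on >= timedelta(days=RETENTION_DAYS[c.region])

def anonymize(c: Candidate, actor_role: str, audit_log: list, today: date) -> list:
    """Scrub PII fields in place; every attempt, allowed or denied, is logged."""
    if "anonymize" not in ROLE_PERMISSIONS.get(actor_role, set()):
        audit_log.append({"on": today, "actor": actor_role, "cid": c.cid,
                          "action": "anonymize", "result": "denied"})
        raise PermissionError(f"role {actor_role!r} may not anonymize")
    scrubbed = sorted(f for f in c.data if f in PII_FIELDS)
    for f in scrubbed:
        c.data[f] = "[anonymized]"
    audit_log.append({"on": today, "actor": actor_role, "cid": c.cid,
                      "action": "anonymize", "result": "ok", "fields": scrubbed})
    return scrubbed

def retention_sweep(cands: list, today: date, audit_log: list) -> list:
    """Automated job run as 'system': anonymize every candidate past its window."""
    done = []
    for c in cands:
        if is_due(c, today):
            anonymize(c, "system", audit_log, today)
            done.append(c.cid)
    return done
```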

Together, these features made compliance actionable, auditable, and scalable without a single support ticket.

Outcomes

  • Contributed $1–2M in retention revenue by resolving renewal blockers
  • Reduced legal risk and cut support overhead tied to GDPR requests
  • Improved customer trust and renewal confidence during procurement audits
  • Established reusable design patterns for privacy, governance, and auditability across future compliance work

Final Designs