The General Data Protection Regulation (GDPR) is intended to improve data protection for individuals in the EU. It regulates the way in which companies handle, store and/or process personal data. The regulation touches on all recruitment processes involving personal data from EU citizens. Most, if not all, of the information you collect or request from an EU applicant or candidate during your hiring process falls under this regulation.
The regulation applies to the act of processing personal data, defined as “any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person.”
All companies that conduct business in the EU are legally required to comply with the GDPR. So if you are hiring within the EU, thereby processing personal data of EU citizens, this applies to you.
The GDPR requires organizations to be legally compliant in their data processing activities by May 31, 2018, or face severe fines of €20 million or 4% of worldwide revenue (whichever is greater).
Who is impacted by the GDPR?
The GDPR identifies and governs three groups involved in business transactions, each of which has either personal data rights or personal data obligations under this regulation.
Data Subjects
Data Subjects are your applicants and candidates, who supply their personal data when pursuing employment opportunities with your company.
Data Controllers
You are the Data Controller, because you determine the purpose, reason and type of information collected from your applicants and candidates.
Data Processors
SmartRecruiters is your data processor. Our platform serves to process the data you control and instruct us to collect as part of the hiring process.
Do you know the GDPR requirements?
Any of your data processing activities involving personal data of EU citizens must comply with these key GDPR principles to be lawfully permitted:
- Fair and lawful with transparency
- Explicitly specified
- Only what is necessary
- Current and accurate
- Limited retention
SmartRecruiters is your partner for data privacy
As your talent acquisition suite and designated data processor, we strive to offer innovative recruiting tools to manage your candidates and applicants in a way that supports your compliance objectives and caters to your hiring needs.
Compliant Hosting
SmartRecruiters offers European hosting centers to reduce exposure to cross-border data transfers, giving our customers peace of mind that their candidate data is securely protected.
Data Agreements
SmartRecruiters fully supports the use of written Data Processing Agreements (DPA) for clarity around data processing activities and obligations.
Local Support
Customers benefit from European support and development resources with restricted data access of non-EU citizens.
Access
Customers can easily configure user permissions in the platform for access to their recruiting data, providing visibility only where needed.
Is your recruiting data GDPR compliant?
Read our SmartPaper for an in-depth overview of the GDPR and its potential impact on your recruiting data.
- What is the GDPR and who does it impact?
- How is compliance demonstrated?
- What are the specific obligations for data processing?