chapter one

The Regulatory Push towards Data Privacy

What is the general data protection regulation (GDPR)?

General Data Protection Regulation

The European Commission, a regulatory institution of the European Union (EU) that oversees, regulates, and manages the daily business of the EU, recognized serious gaps in its Data Protection Directive (DPR), a policy that was intended to provide guidelines for the protection of personal data, but fell short in offering a unified approach for data privacy in light of new technological advancements and increased volume of personal data. These gaps created a number of problems for companies doing business in the EU. For example, EU Member States were left to their own for creating data protection policies making compliance difficult across different jurisdictions, while individuals were left without a real avenue of enforcement for protecting their personal data.

As a result, the ability to conduct business across Member States – for organizations both foreign and domestic – became increasingly burdensome. In an effort to strengthen rights of EU citizens and streamline the various data privacy policies of Member States, while also modernizing and strengthening data protection laws across the EU, the European Commission enacted new legislation on May 4, 2016, known as the General Data Protection Regulation (GDPR). The GDPR requires organizations to be legally compliant in their data processing activities, or face severe financial penalties to the tune of $20-million or 4% of worldwide revenue (whichever the greatest), for non-compliance. Ouch. Thus, it’s no surprise this dramatic increase in monetary penalties for non-compliance, a stark departure from the mere guidelines of the DPR, caused ripples of concern across organizations that both conduct business in the EU, or, alternatively, offer services or goods to EU residents. The sweeping impact and the increased territorial scope of the GDPR has earned itself recognition as one of the most protective privacy systems in the world, with real consequences for businesses that fail to comply.

SmartRecruiters is your Partner for Data Privacy

At SmartRecruiters, we recognize this new legislation directly impacts many of our valued customers, both in the U.S. and abroad, while also presenting real apprehension (and in some cases dread) given the severe monetary penalties that will be imposed. Believe us when we say, “We get it!” – and as your Talent Acquisition Data Processor – we also share in these new compliance responsibilities. So, when it comes to navigating data privacy concerns, we’re here for you, and we’re in this together!

The GDPR requires organizations be compliant today. That said, penalties are suspended until this transition is completed, which is less than a year from the time of this paper’s publication, May 31, 2017, according to the official GDPR website countdown, which you may track at – The European Commission recognizes the significant time and effort it takes for ensuring transparency, compliance, and uniformity with these new obligations. As, arguably, the most lobbied piece of legislation in EU history (it took more than four years to negotiate!), this process does not happen overnight. As such, the GDPR won’t become legally enforceable until May, 25, 2018. So, as your partner in data privacy, SmartRecruiters offers this overview, which serves to highlight the GDPR’s key provisions and obligations our customers ought to consider to ensure the recruiting data collection is performed in a manner that is GDPR-compliant.

Keep in mind, because we are not lawyers, we are not at liberty to give you or your organization legal advice. In light of the significant monetary penalties imposed for for non-compliance with the GDPR, we strongly recommend your organization consult with legal professionals who specialize in EU data privacy protection so you (and your revenues) are sufficiently protected.

The information we provide in this paper is intended to inform our customers of the potential impact GDPR may have on their recruiting data and to highlight where the SmartRecruiters platform can help facilitate meeting your compliance objectives. That said, this discussion is in no way a substitute for sound legal advice, which is always recommended.