data privacy | SmartRecruiters Blog https://www.smartrecruiters.com/blog You Are Who You Hire

Despite the Recent Google Fine, GDPR is Proving to Be Helpful for One Particular Group: Recruiters https://www.smartrecruiters.com/blog/despite-the-recent-google-fine-gdpr-is-proving-to-be-helpful-for-one-particular-group-recruiters/ Wed, 30 Jan 2019 09:36:40 +0000 https://www.smartrecruiters.com/blog/?p=38104

News of Google’s 50 million euro fine has rocked the business world, but as other multinationals panic, recruiters can rejoice in some of the unexpected benefits of the GDPR regulation.

On January 21st, 2019, the French Data Protection Authority announced from Paris it would be slapping Google with a 50 million euro fine, or around 57 million dollars, for not correctly disclosing to its users how their data would be collected and managed by its search engine and services such as YouTube and Google Maps to present personalized advertisements.

As one regulator put it “Google’s practices obscured how its services can reveal important parts of their user’s private life since they are based on a huge amount of data, a wide variety of services and almost unlimited possible combinations.”

This comes as the fourth and the largest fine brought against a company breaching the new General Data Protection Regulation (enacted in May 2018) and sends a message to the rest of the business world that no corporation is too big to avoid penalties. Google is determining whether to appeal the fine, but faces an uphill battle, as history has shown through multiple billion-dollar fines that the European Union does not favor the tech giant.

We, at SmartRecruiters, have been following the development of these measures since they were announced, bringing attention to the fact that many people didn’t know if their Applicant Tracking System (ATS) was up-to-date. (Evaluate your ATS here!) We also covered the Cambridge Analytica scandal, detailing how the business community is reacting to the changes that need to be made in order to stay GDPR compliant.

Now that we are in 2019 and the world has not imploded over these new regulations, SmartRecruiters has some new information that demonstrates that GDPR has actually had some positive effects, specifically in the world of recruiting. I know, crazy to think that bureaucracy had any benefits… but hear us out, and check out this infographic below describing them.

Based on this infographic, we can see that one of the natural consequences of making the hiring process and data collection of applicants more transparent is more engaged candidates. People have overwhelmingly responded to the request to consent option (83 percent) in less than a day, with less than one percent having deleted their profiles.

When candidates feel that a company is respecting their information, they are more likely to interact with the hiring process. Companies have gotten in on the action as well, and 79 percent of SmartRecruiters customers have included a company or country-specific privacy policy. 63 percent have also internally trained their staff to properly process their personal data, which is significantly more than in the rest of the world, where only 10 percent of companies have enacted the same measures.

These efforts by and large benefit recruiters, as they do not need to worry whether their company’s management of candidate data breaches GDPR compliance, and they have candidates more willing to engage with the hiring process.

SmartRecruiters’ efforts have made our customers some of the most prepared for GDPR compliance and because of that, they are not sitting in the same hot water as Google or Facebook at this moment. If you would like to know more about SmartRecruiters’ resources, check out our SmartRecruiters’ GDPR Resource Kit or FAQ page for answers to all the most common recruiting questions concerning data privacy.

The post Despite the Recent Google Fine, GDPR is Proving to Be Helpful for One Particular Group: Recruiters first appeared on SmartRecruiters Blog.
The California Consumer Privacy Act is Coming. What Does it Mean for You? https://www.smartrecruiters.com/blog/the-california-consumer-privacy-act-is-coming-what-does-it-mean-for-you/ Tue, 21 Aug 2018 14:19:53 +0000 https://www.smartrecruiters.com/blog/?p=37124

New state privacy laws mean doing business in California will come with new levels of compliance. To avoid complications – and hefty fines – follow this simple guide.

The first half of fiscal 2018 was festooned with the lead balloon of the General Data Protection Regulations. An EU initiative years in the making, GDPR aimed to protect European citizens’ personal data online, and as any international company would include a European employee, customer, or contractor somewhere along the way, failure to comply with Brussels’ legislation would result in the kind of fines that could put your lights out for good.

Like the fidgety lead-up to Y2K, there were prognosticators and doomsayers, but aside from a few lawsuits aimed at big game trophies like Facebook or Google, GDPR’s implementation date of May 25th passed mostly without incident.

Now, just when you thought it was safe to kick back and congratulate yourself on your glocal business being GDPR compliant, some yahoo in California’s gone and added another layer to this digital tiramisu.

The California Consumer Privacy Act (CCPA), a bill passed as AB-375, means that a business collecting, storing or selling any Californians’ personal information will have to fall in line with this new legislation. We’ve got until January 1st, 2020, to get this done.

As it was with GDPR, firms have some time to lawyer-up and get CCPA compliant to avoid fines currently set at $7500. This amount, as well as what the act will actually enforce, could change between now and activation day, but the underlying premise remains: Legislators “are concerned that misuse of personal data may have ‘devastating’ effects for individuals, including financial fraud, identity theft, unnecessary costs to personal time and finances, destruction of property, harassment, reputational damage, emotional stress, and even potential physical harm.”

Providing the kind of legal advice market innovators will need to assure compliance, international law firm Cooley has put together an FAQ on the subject, starting with who will need to get what straight in the next two years.

If you are a company with annual gross revenues over $25 million; if you obtain personal information from over 50,000 California residents, households or devices per year; or if selling any combination of this information accounts for more than 50 percent of your annual revenue; best pay attention and call Cooley.

Hey, my business isn’t based in California, this doesn’t apply to me.

Although there are grey areas state-by-state, if your business is online and you have even one customer from California, best to consider yourself as on the hook.

Ok then. Define customer.

California law would define customers as individuals in the state for other than temporary or transitory purposes, and individuals domiciled in the state who are outside the state for a temporary or transitory purpose. But since this definition is not limited to residents that buy goods and services, “consumers” would also include others, like, for example, an organization’s employees residing in California.

Fine. Now what does the CCPA define as “personal information”?

Well, a lot. There are the obvious things like your real name, postal address, IP address, email address, social security number, or driver’s license number. But it also encompasses commercial information, including records of personal property, products or services purchased, obtained or considered, or other purchasing or consuming histories or tendencies. And of course, your geolocation data. See a more comprehensive list in the Cooley FAQ.

But my company already went through GDPR and passed with flying colors.

Congratulations on that. Must have been no small feat. However, you will have to address the CCPA framework separately. Obtaining consent, for example, is a different process, and EU regulatory enforcement has, to date, been limited. In the US we expect more rigorous regulatory oversight. As such, to reduce clear and present risk, CCPA compliance will necessarily be more involved and precise. You’re not out of the woods yet.

And if one were to just ignore it?

Those found to be in violation would be subject to penalties pursuant to a civil action by the California attorney general, as set forth under Section 17206 of California’s Business and Professions Code. This provides for penalties up to $2,500 per violation, and a company found to have violated the CCPA intentionally would be liable for up to $7,500.  

So if I take care of all this now I’m good.

Given this law being passed so quickly, and the number of companies that would be affected already kicking up a fuss, the details will have to be monitored as January 2020 approaches. Stay tuned as we report new details as they come to light.

The post The California Consumer Privacy Act is Coming. What Does it Mean for You? first appeared on SmartRecruiters Blog.
Cyber-Security, Nuclear War, and Seth Rogen https://www.smartrecruiters.com/blog/cyber-security-sana-rasul/ Wed, 11 Jul 2018 13:30:28 +0000 https://www.smartrecruiters.com/blog/?p=36791

We tend to think of cyber attacks happening to banks, or governments, but HR needs to wake up to the fact that we are the keepers of a lot of sensitive data, and we need employees to help us.

“I never thought I would be briefing the President of the United States of America on a bad Seth Rogen movie,” admitted an anonymous Obama staffer at the time.

Yet there they were, in the situation room, summarizing the half-baked plot of a movie that should have been doomed to b-flick oblivion. Instead, even before its release, The Interview became the fulcrum of an international debacle that would bring the US and North Korea to the brink of nuclear war…again.

James Franco stars as a tabloid talk-show host gaining access to the elusive North Korean Supreme Leader, Kim Jong-un, for an interview, and is subsequently recruited by the CIA to assassinate the dictator.

Before the slated premiere in October 2014, the People’s Republic issued a scornful press release, saying that “making and releasing a movie on a plot to hurt our top-level leadership is the most blatant act of terrorism and war and will absolutely not be tolerated.”

Though threats from this easily goaded nation were hardly taken seriously, Sony Pictures pushed the release date to the end of November, hoping the ire would blow over. But things just got worse.

The Monday before Thanksgiving, when Sony employees attempted to log on to their computers, a grinning skeleton greeted them with a cryptic, if grammatically reprehensible, admonition: “Hacked by #GOP, Warning: We’ve already warned you, and this is just the beginning. We will continue until our requests have been met…”

“It was like a bomb went off,” one Sony staffer told Slate.com. “We looked around. We were still alive. So we started doing triage.”

The #GOP, or Guardians of Peace, claimed responsibility, and though the far-east Hermit Kingdom denied direct involvement, they dubbed the attack “righteous”, and ceded the possibility that supporters of the regime were responsible, which brings us back to the White House, where a room full of government officials, including POTUS, were trying to decide: “Is this an act of war?”

If it could be considered as such, the world’s only superpower didn’t retaliate beyond more sanctions to the already sanction-sagging country. Because when it comes to cyber warfare, there’s not much in North Korea to attack. Advanced nations like the US are much more vulnerable. Every smartphone, Fitbit, computerized fridge, virtual assistant, navigation system, etc., is another point of entry for nefarious actors, and every day there’s a new way in.

The Sony breach was made possible, in part, by the employees themselves, or more, their lazy passwords – in three cases the password was actually “password” – though the hacker organization made claims, still unsubstantiated, that they had “help from the inside.”

Another insider told Slate of the breach, “some of the worst team players were in HR, because the nature of the hack — leaked Social Security numbers, exposed medical info, a trashed payroll system — meant their department was one of the hardest hit.” And that will likely continue to be the case in future breaches, as HR will always be a hub of sensitive personal data.

Since a future where your average Joe uses a different 12-digit, case-sensitive, alphanumeric password for every online account seems unlikely, the question becomes, “How can we create a cyber-security practice that people will actually follow?”

Because while cyber-security spending is projected to reach $101.6 billion globally by 2020 (a 38 percent increase from 2016), what’s missing is the grassroots buy-in. For this, we talked to cyber-security expert Sana’ Rasul, Head of HR Girlfriends, with over a decade of HR experience. She helps businesses make security policies that employees can actually understand, and execute, so your data isn’t just safe “on paper”.

You weren’t always a cyber-security advocate, what made you become interested in this issue?

I was hacked three times in one year! I didn’t know it at the time, but I wasn’t protecting myself. I was getting stuff done on the go – as most people do – and hopping onto any random WIFI. Thankfully, it was only my personal credit card info that was stolen, but it made me think, ‘I use my company credit card all the time, and I use the same processes I use for my personal credit card… Oh no.’ So it was a spiral effect, where my personal challenge forced me to look at the way I do business. I wouldn’t want my clients to be compromised, that would be awful!

What mindset should companies have when creating their cyber-security policy?

You have to approach cyber-security as an in-user. The policies you put into place have to make sense for the way people actually work.

So how do you make a policy that your employees will follow?

Be sure to explain your policies in a way that employees will understand. That means examples! Talk to your employees, identify all the scenarios in which they use company technology or access company servers, and make a policy that takes the reality into account. For example, you can’t say ‘no using open-wifi,’ if you also expect workers to be reachable at all times. The reality doesn’t line up with the on-paper policy. A more effective measure would be to provide company portable WIFI routers and require employees to use those secure networks.

Where should HR start?

Handbooks! It may seem antiquated, but handbooks that compile all the need-to-know information for employees can be super helpful, it’s the groundwork for how they will use the technology provided them. Creating a handbook also forces your company to assess the health of its cyber-security, identify potential breaches, and make a plan of action.

What’s the number-one thing companies do wrong?

The most common thing I see are policies that haven’t been updated. We update our computers, we update our phones, we update everything except our policies that influence our use of technology. Companies should be reviewing their guidelines every year. The other thing is, I see policies that are 20 pages, but still don’t manage to get to the way people really work, the reality I talked about before. Be specific about usage and access of company tech and data, and it will make it easier for your employees to execute.

What does a forward-looking cybersecurity policy look like?

You need to be thinking ahead, every time you see a tech innovation, think, ‘what does that mean for security?’ Alexa, Amazon’s virtual assistant, was reported to have accidentally recorded a conversation in May of this year. Even before this happened, my clients were prepared for this possibility, and required employees to disable Alexa before working. If you see a new technology on the market that gives you concerns, don’t be afraid to voice that to leadership, and be quick about updating your policies.

Why is HR so crucial to cyber-security? Besides, of course, their proximity to personal data.

Cyber-security is a huge picture, most departments only see a small piece of it, even the c-suite only sees a fraction. HR is the connector – IT, marketing, leadership, sales, new hires, vendors – and as such, we are uniquely positioned to get the best view.

What can HR do to encourage tech providers to bump up security?

Ask questions of your vendors. Find out how they protect your data, and what will happen if there is a breach. Make sure they know that, as the customer, you care!

Why data protection now?

Cyber-security wasn’t necessarily a huge deal until we all started hearing about all these high-profile hacks: Target in 2011, Yahoo in 2013, Sony in 2014, Uber in 2016, that brought to light what the power of cyber in the wrong hands could actually do. It’s traumatic! We have to remember, in today’s world, even a mom and pop corner store is responsible for big data.

What’s your take on the Sony hack? What can we learn?

No organization is immune from a cyber attack, and the weakest link in any organization is typically an unsuspecting employee who clicks a link, downloads a file, or replies to a hacker unknowingly. I have heard people say “I’m not dumb enough to be tricked by a cyber attacker,” but cyber attacks are perpetrated on thousands of educated and accomplished individuals each year. Possessing an advanced degree in an area of expertise or years of experience won’t stop a determined hacker, but being cyberSAFE will.

The post Cyber-Security, Nuclear War, and Seth Rogen first appeared on SmartRecruiters Blog.
Hiring Across Regions: Privacy Compliance Made Easy https://www.smartrecruiters.com/blog/hiring-across-regions-privacy-compliance-made-easy/ Thu, 05 Jul 2018 14:00:38 +0000 https://www.smartrecruiters.com/blog/?p=36798

Just when GDPR was starting to feel manageable, California piles on by passing a sweeping new online privacy law. Don’t worry, HR. SmartRecruiters got your back.

So, you’re a hiring manager at an international company sitting in Silicon Valley. You’ve been studiously, judiciously, taking your anti-anxiety medication through the run-up to and implementation of the European Union’s General Data Protection Regulations, making sure all the personal data you’ve stored complies with the directives from Brussels, and so far, your company hasn’t been fined. Post-May 25th tensions have dialed down and everyone on your team knows what needs to be done to protect the data of candidates, as well as past and current employees. This is good.

And then the California state legislature goes and unanimously passes AB-375, set to go live in January 2020, quoted in Fortune as “almost European-grade privacy rules”.

And if Europeans felt that the GDPR framework came from too high up with too little consultation, Californian Robert Callahan, vice-president of state government affairs for the Internet Association, feels about the same. “Data regulation policy is complex and impacts every sector of the economy, including the internet industry,” he said. “That makes the lack of public discussion and process surrounding this far-reaching bill even more concerning.”

It’s still early days and future experts are just now boning up, but while we can expect the same kind of anxiety and speculation that occurred around GDPR, SmartRecruiters has made sure that no matter the size of your business, we provide global compliance features to keep you covered, as of, well, right now.  

That means even our smallest customers will be able to:

  • Set a Privacy Policy (default or country-specific)
  • Set a Data Retention Period (default or country-specific)
  • Turn on GDPR Setting Automatic Deletion (default or country-specific)
  • See what privacy advice is given based on country or countries of operation

More on this to follow as Big Tech hits back at the new law, and we investigate the ins and outs of what California companies will have to do to comply with yet another layer of data privacy protocol.

The post Hiring Across Regions: Privacy Compliance Made Easy first appeared on SmartRecruiters Blog.
Is Your ATS Ready for GDPR? 70% Say No. https://www.smartrecruiters.com/blog/is-your-ats-ready-for-gdpr-70-say-no/ Thu, 24 May 2018 12:28:10 +0000 https://www.smartrecruiters.com/blog/?p=36302

HR, is your ATS a partner in GDPR preparation? Or, are you, like many others in talent acquisition, left to figure out these new data regulations on your own?

We surveyed a group of TA leaders from across ATS providers and most GDPR-related questions leave HR shrugging its shoulders. “I don’t know” shouldn’t be the mantra for a huge piece of legislation that comes into effect May 25th, 2018—affecting all the EU member states, of course, but also anyone doing business with these countries—that means you, America!

GDPR is a principle-based piece of legislation, which means compliance has to be in your company’s DNA. There’s no one-size-fits-all solution. However, we have some essential information that will get you started. Check out our SmartRecruiters’ GDPR Resource Kit or FAQ page for answers to all the most common recruiting questions concerning data privacy.

The post Is Your ATS Ready for GDPR? 70% Say No. first appeared on SmartRecruiters Blog.
Talking Data at Unleash, or, Advice Facebook Could’ve Used https://www.smartrecruiters.com/blog/gdpr-at-unleash-advice-facebook-could-have-used-a-year-ago/ Thu, 22 Mar 2018 11:00:59 +0000 https://www.smartrecruiters.com/blog/?p=35662

Just because there’s no one fix for GDPR compliance, that doesn’t mean there aren’t solid ways to keep from pulling a Zuckerberg-level cock-up.

Photo credit: Raphaël Labbé from Paris

This week, in London; it was a speech to disappoint anyone hoping to snag a secret recipe to comply with the fast-approaching General Data Protection Regulations, or GDPR – the European Union’s play to shield its citizens’ online information from precisely the kind of parasitic commercial pilfering brought to light by the ongoing Facebook/Cambridge Analytica scandal.

Unleash Conference, Main Stage; it was a frightening but opportune confluence, as Ardi Kolah, director of the GDPR global transition program at Henley Business School, explained to a large section of 500 Talent Acquisition professionals, that with breached-data threatening one of the most powerful players on the web, causing its once-bulletproof stocks to plummet, most organizations won’t be adequately protected when the new laws kick in on May 25th.

To understand this new legislation, “consider the bill’s genesis as a way to regulate the digital marketplace, a codification of best practices, as opposed to protection against malevolent hackers,” says Kolah, “and GDPR will make a lot more sense.”

That said, it’s hard not to conflate fears around what GDPR could do to your business with what Facebook’s going through in the wake of the revelation that consulting firm Cambridge Analytica amassed data from up to 50 million profiles that were used, via Facebook, to sway votes in favor of the 2016 Trump campaign. These actions contravene not only Facebook’s own rules, which forbid third parties from using any user data for commercial means, but had GDPR already been implemented – given that it’s not only applied to EU citizens in Europe, but anywhere they exist in cyberspace – this kind of data scraping, from that many profiles, would more than likely have fallen under its legal purview, and possibly cost Facebook four percent of its annual profits. (Facebook has reportedly lost about as many dollars of stock market value as there were affected users.)

Facebook founder Mark Zuckerberg has denied that the net-quaking profile harvest was any kind of theft at all, and this issue isn’t going to go away soon. But to bring the issue into a more earthbound context, if, say, a medium-sized company has followed Kolah’s advice and retained legal counsel to ensure compliance, what would happen should they experience an involuntary breach?

Kolah maintained that each situation will be unique, but laid out the basics for what an action plan could look like:

  • Identify risk in areas of your business or service at high risk of data breach.
  • Mitigate the risk by tightening up porous areas which can be carefully monitored.
  • Record your efforts to mitigate risk, to increase transparency, and protect your company should a data breach occur.

The biggest takeaway is that training is your first line of defense. Anyone in your company handling data that relates to information of EU citizens protected by GDPR should be schooled in handling this sensitive information appropriately.

“If your company experiences a data breach,” warns Kolah, “you can be sure HR will be paid a visit, and the first thing these government agents will ask for is your training records.”

But, he noted, good faith efforts like training will certainly move the needle in your favor if you find yourself on the wrong side of GDPR:

“I don’t think the EU will be chasing anyone down the street with random punishments. They are much more concerned about people who will deliberately put millions of people’s data at risk without blinking an eye in the name of profit.”

Right now, in every business leader’s head; while no one knows 100 percent how they or their business communities may be affected, for the time being, it’s most important that your business is seen as being trustworthy with sensitive personal information, the kind of trust that Facebook, a harbor for billions of online profiles and thus saleable personal data, is bleeding, profusely, right now.

The post Talking Data at Unleash, or, Advice Facebook Could’ve Used first appeared on SmartRecruiters Blog.
When Does GDPR Kick In and How Scary Will it Be? https://www.smartrecruiters.com/blog/when-does-gdpr-kick-in-and-how-scary-will-it-be/ Tue, 12 Dec 2017 15:00:13 +0000 https://www.smartrecruiters.com/blog/?p=34647

We enlisted SmartRecruiters’ Head of Legal, Valerie Bertrand, to give us a primer on the implementation of what is, depending on who you ask, either a bold step forward for data protection, or, if you’ve been sleeping on it, a harbinger of doom. 

Tune into our preparation Webinars February 21st, 10 am CET in French, English, and German to learn the implications of this new legislation on candidate data processing.

If you’re a European business or a business with EU employees, a business with activities in the EU – or even looking to hire EU citizens from outside the EU – May 25th is already circled in thick bright red on your 2018 calendar. It’s not? Oh dear.

That’s when the European Union’s new rules for personal data collection come online – so to speak – and if you’ve been procrastinating, you’re not going to be very pleased by the consequences for having done so. Failure to comply will cost you up to €20 million or 4% of your yearly gross worldwide, whichever is higher.

Right?

For Berlin-based Valerie Bertrand, when she took the gig as SmartRecruiters’ head of legal six months ago, she also took over the helm of SmartRecruiters’ compliance efforts.

“I knew GDPR would be my first big priority,” she says, “as well as my first big opportunity.”

The watershed regulations took four years of negotiations to pass, and for all her hard work making sure SmartRecruiters will be GDPR-compliant come the end of May, there are plenty of companies out there wanting to hear what advice she can share with them.

“We had more than 200 attendees on our German language webinar,” says Valerie. “For the UK around 50 or 60, and France, around 60-70.”

For the citizenry, the basics aren’t hard to grasp, and they sound pretty good: companies are not allowed to sell-on your personal information to third parties without your consent, they are not allowed to keep your information stored indefinitely, and if you suddenly decide you don’t want e-commerce sites you’ve used to store your email or keep a list of what you bought to sell you again in the sidebar of your online newspaper, they are obliged to let you be digitally forgotten, and erase you.

“It’s the same thing as when you give your phone number to someone,” explains Valerie, “you don’t necessarily want that person giving your number out to just anyone.” Especially anyone capable of sending you unblockable spam texts.

For companies, Valerie says the essentials are “identifying and mapping your processes from the beginning to make sure individuals can control their individual rights. Make sure you are in control of your data, know exactly where your data is, and who your processors are.”

“Processors” is a specific choice of words. Because under GDPR, there are data processors and data controllers.

“Our customers, who give us access to their data for the purposes of hiring,” Valerie says, “are controllers, SmartRecruiters is the processor,” which means when your business is based on processing personal information on behalf of companies, things can get tricky. Valerie says in Europe – especially Germany, a huge supporter of GDPR – personal privacy has always been taken more seriously than anywhere else. That would be fine if GDPR compliance were limited to companies operating from within the EU, but it covers any company that employs even one EU citizen, which opens things up immensely, and not all companies outside of Europe may be taking GDPR as seriously as they should.

“The fines are a good way to make sure companies are doing something about it,” says Valerie, “and because of the fines, now when you talk about online privacy at this level in the US, they understand, whereas before, not so much.”

Given how much of SmartRecruiters’ business is Stateside, that’s good news, but it leaves one concern: an organization coasting along without a forward-thinking head of legal could be leaving its business open to massive fines that, for small to medium-sizers, could possibly put them under. If 20 million euros is higher than 4 percent of annual gross, especially if it’s much higher, well, you know, that’s bad.

On the other hand, after taking this long to implement on so many high levels of government, those responsible for administering the first rounds of post-May fines aren’t going to go after someone from, say, Italy, manufacturing broom handles in West Africa, or a car company in India with a French consultant on the books.

“You go for Apple, you go for Google,” says Valerie. “You target the companies with money,” because everyone will be watching, placing bets on which global juggernaut will be hit hard, and hit first.

Valerie is confident her company will be watching calmly from the sidelines, because more than being made an example of by the European Commission, “SmartRecruiters is a subcontractor, so we have to be compliant. That’s why people will continue to work with us. Otherwise no one will choose to work with us. We still don’t really know what things will look like after May 25th, but if you get caught for something, your image will suffer greatly.”

Talent Acquisition Leaders: Are you GDPR-Ready? https://www.smartrecruiters.com/blog/talent-acquisition-leaders-are-you-gdpr-ready/ Tue, 24 Oct 2017 06:44:58 +0000 https://www.smartrecruiters.com/blog/?p=34291


The countdown to compliance with the General Data Protection Regulation (GDPR) continues. With only 210-some days left on the clock, will your company be ready?

If you’re asking yourself, “What is the GDPR?” then we should probably chat because the GDPR will significantly impact your recruiting efforts in 2018. Based on the conversations we’ve had with our customers, it’s clear the GDPR hasn’t made it onto everyone’s radar. So, let’s change that.

The General Data Protection Regulation (GDPR) is a major piece of legislation out of the European Union (EU) that could severely impact your recruiting efforts, whether your organization is based in the U.S. or abroad.


If that doesn’t get your attention, then let’s talk penalties for non-compliance. Organizations that fail to comply with the GDPR will face severe fines - to the tune of $20-million or 4% of worldwide revenue. Yes, you read that correctly. And, if you think no one’s watching – you’re wrong. Don’t end up the poster child of non-compliance because examples will be made.

So, how much time do you have to prepare? While the GDPR technically requires organizations be compliant today, penalties are suspended to allow for the complexity of this transition. GDPR enforcement won’t start for another 217-some days, according to the official GDPR website countdown. So, the good news is you have some time, but the clock IS ticking.

The GDPR is, perhaps, the most expansive privacy legislation to date, significantly enhancing data privacy rights for individuals while placing obligations of transparency, accountability, and fairness on nearly every company in every industry that relies on the use of personal data for conducting business. This means, for example, that companies engaged in Marketing, Social Technologies, Professional Services, and (you’ve guessed it) Recruiting and HR, among other areas, are subject to this legislation.


At SmartRecruiters, we take data privacy and security seriously, so we’re constantly monitoring legislative changes on a global scale to better serve our customers and, ultimately, deliver better recruiting software that enables our customers to meet their compliance objectives. In fact, the team at SmartRecruiters has monitored legislative efforts on GDPR for the past two years. Rest assured, it’s been on our radar for quite some time, and we’re pleased to share that GDPR compliance efforts are just one component of our holistic approach to data privacy. In addition, we have taken it upon ourselves to incorporate the principle of privacy by design (PbD) at critical stages of product development, from planning to design and continuing throughout development and delivery.


Because SmartRecruiters supports customers with global operations, both in the U.S. and abroad, we are extremely sensitive to protecting the incredible amount of data that is generated from your recruiting activities. To that end, we’ve prepared a host of items to help your team prepare for the GDPR, including a comprehensive guide to the GDPR for insights and a proactive look at data privacy as it relates to your recruitment activities.

SmartRecruiters is proud to serve as your partner for data privacy while delivering value to your hiring teams through recruitment innovation. We look forward to sharing more about our product development and compliance enhancements, as we partner together to support your journey to compliance.

 
