We enlisted SmartRecruiters’ Head of Legal, Valerie Bertrand, to give us a primer on the implementation of what is, depending on who you ask, either a bold step forward for data protection, or, if you’ve been sleeping on it, a harbinger of doom. 

Tune into our preparation Webinars February 21st, 10 am CET in French, English, and German to learn the implications of this new legislation on candidate data processing.

If you’re a European business or a business with EU employees, a business with activities in the EU – or even looking to hire EU citizens from outside the EU – May 25th is already circled in thick bright red on your 2018 calendar. It’s not? Oh dear.

That’s when the European Union’s new rules for personal data collection come online – so to speak – and if you’ve been procrastinating, you’re not going to be very pleased by the consequences for having done so. Failure to comply will cost you up to €20 million or 4% of your yearly gross worldwide, whichever is higher.

Right?

For Berlin-based Valerie Bertrand, when she took the gig as SmartRecruiters’ head of legal six months ago, she also took over the helm of SmartRecruiters’ compliance efforts.

“I knew GDPR would be my first big priority,” she says, “as well as my first big opportunity.”

The watershed regulations took four years of negotiations to pass, and for all her hard work making sure SmartRecruiters will be GDPR-compliant come the end of May, there are plenty of companies out there wanting to hear what advice she can share with them.

“We had more than 200 attendees on our German language webinar,” says Valerie. “For the UK around 50 or 60, and France, around 60-70.”

For the citizenry, the basics aren’t hard to grasp, and they sound pretty good: companies are not allowed to sell-on your personal information to third parties without your consent, they are not allowed to keep your information stored indefinitely, and if you suddenly decide you don’t want e-commerce sites you’ve used to store your email or keep a list of what you bought to sell you again in the sidebar of your online newspaper, they are obliged to let you be digitally forgotten, and erase you.

“It’s the same thing as when you give your phone number to someone,” explains Valerie, “you don’t necessarily want that person giving your number out to just anyone.” Especially anyone capable of sending you unblockable spam texts.

For companies, Valerie says the essentials are “identifying and mapping your processes from the beginning to make sure individuals can control their individual rights. Make sure you are in control of your data, know exactly where your data is, and who your processors are.”

“Processors” is a specific choice of words. Because under GDPR, there are data processors and data controllers.

“Our customers, who give us access to their data for the purposes of hiring,” Valerie says, “are controllers, SmartRecruiters is the processor,” which means when your business is based on processing personal information on behalf of companies, things can get tricky. Valerie says in Europe – especially Germany, a huge supporter of GDPR – personal privacy has always been taken more seriously than anywhere else. Which would be fine if GDPR compliance was limited to companies operating from within the EU, but it covers any company who employs even one EU citizen, which opens things up immensely, and not all companies outside of Europe may be taking GDPR as seriously as they should.

“The fines are a good way to make sure companies are doing something about it,” says Valerie, “and because of the fines, now when you talk about online privacy at this level in the US, they understand, whereas before, not so much.”

Given the great degree of SmartRecruiters’ business Stateside, that’s good news, but leaves one question: an organization coasting along without a forward-thinking head of legal could be leaving their business open to massive fines, that for small to medium-sizers, could possibly put them under: If 20 million euros is higher than 4 percent of annual gross, especially if it’s much higher, well, you know, that’s bad.

On the other hand, after taking this long to implement on so many high levels of government, those responsible for administering the first rounds of post-May fines aren’t going to go after someone from, say, Italy, manufacturing broom handles in West Africa, or a car company in India with a French consultant on the books.

“You go for Apple, you go for Google,” says Valerie. “You target the companies with money,” because everyone will be watching, placing bets on which global juggernaut will be hit hard, and hit first.

Valerie is confident her company will be watching calmly from the sidelines, because more than being made an example of by the European Commission, “SmartRecruiters is a subcontractor, so we have to be compliant. That’s why people will continue to work with us. Otherwise no one will choose to work with us. We still don’t really know what things will look like after May 25th, but if you get caught for something, your image will suffer greatly.”

Countdown to compliance with General Data Protection Regulations (GDPR) continues. With only 210 some days left on the clock, will your company be ready?

If you’re asking yourself, “What is the GDPR?” then we should probably chat because the GDPR will significantly impact your recruiting efforts in 2018.  Based on the conversations we’ve had with our customers, it’s clear the GDPR hasn’t made it onto everyone’s radar. So, let’s change that.

The General Data Protection Regulation (GDPR) is a major piece of legislation out of the European Union (EU) that could severely impact your recruiting efforts, whether your organization is based in the U.S. or abroad.

“Don’t end up the poster child of non-compliance because examples will be made”

If that doesn’t get your attention, then let’s talk penalties for non-compliance. Organizations that fail to comply with the GDPR will face severe fines － to the tune of $20-million or 4% of worldwide revenue. Yes, you read that correctly. And, if you think no one’s watching – you’re wrong. Don’t end up the poster child of non-compliance because examples will be made.

So, how much time do you have to prepare? While the GDPR technically requires organizations be compliant today, penalties are suspended to allow for the complexity of this transition. GDPR enforcement won’t start for another 217-some days, according to the official GDPR website countdown. So, the good news is you have some time, but the clock IS ticking.

The GDPR is, perhaps, the most expansive privacy legislation to date, significantly enhancing data privacy rights for individuals, while placing obligations of transparency, accountability, and fairness, on nearly every company in every industry that relies on the use of personal data for conducting business. This means, for example, companies engaged in Marketing, Social Technologies, Professional Services, and (you’ve guessed it) Recruiting and HR, among other areas, are subject to this legislation.

“We’re constantly monitoring legislative changes on a global scale to better serve our customers”

At SmartRecruiters, we take data privacy and security seriously －so we’re constantly monitoring legislative changes on a global scale to better serve our customers and, ultimately deliver better recruiting software that enables our customers to meet their compliance objectives. In fact, the team at SmartRecruiters has monitored legislative efforts on GDPR for the past two years. Rest assured, it’s been on our radar for quite some time and we’re pleased to share that GDPR compliance efforts are just one component of our holistic approach to data privacy. In addition we have also taken it upon ourselves to incorporate the principle of privacy by design (PbD) at critical stages of product development －from planning to design and continuing throughout development and delivery.

“We are extremely sensitive to protecting the incredible amount of data that is generated from your recruiting activities”

Because SmartRecruiters supports customers with global operations, both in the U.S. and abroad, we are extremely sensitive to protecting the incredible amount of data that is generated from your recruiting activities. To that end, we’ve prepared a host of items to help your team prepare for the GDPR, including a comprehensive guide to the GDPR for insights and a proactive look at data privacy as it relates to your recruitment activities.

SmartRecruiters is proud to serve as your partner for data privacy while delivering value to your hiring teams through recruitment innovation. We look forward to sharing more about our product development and compliance enhancements, as we partner together to support your journey to compliance.