Do I need to worry about GDPR in the US?
The short answer is yes.
What your company needs to ask itself is whether or not it gathers data from EU citizens who reside in the EU. If so, you are within the EU’s digital borders and the law of the land applies: in this case the GDPR, or General Data Privacy Regulations, which came into effect on May 25th, 2018.
A person isn’t normally subject to the laws of another country. I can’t be arrested for chewing gum by the Singapore government when I’m in my hometown in France, for example. So it may seem strange that the US has to worry about new EU legislation, but in the era of the internet and digital data collection, we have to remember that the borders between nations are more complicated than a line on a map.
Any company with a business presence in Europe – which is most – needs to take measures to ensure GDPR standards are upheld, including, but not limited to, the right on the part of the individual to access/edit/erase personal data. It is also the responsibility of businesses to prove a fair and lawful basis for collecting personal data, which is why you’ve been inundated by pop-ups and emails recently, asking you to “stay in touch” or “click here to keep getting updates.” These are all in service of ensuring GDPR compliance.
For HR, you have to think about how you’re collecting and storing data from applicants who can respond to your posting from all over the world. Most companies store their information on an ATS, but it’s important to remember that this legislation applies to hard copy documents as well.
A few things your ATS should be able to do are to set access authorization policies that limit access to candidate data, and to allow candidates to exercise their rights, including updating their data by themselves. In the end, if you look at it from a candidate perspective, it’s really positive. For the first time, the end-user has full transparency and control over their personal information.