Thanks, GDPR!

Thanks, GDPR!

14:25 11 June in Business, Human Resources, Jobs, Legal, Marketing, News Updates, Technology
0 Comments

If you’re like me, you have received dozens or maybe even hundreds of emails notifying you of a site’s change in their privacy policy. You may have wondered why, or perhaps you already know. On May 25th, the European Union’s General Data Protection Regulation(GDPR) became enforceable. For those who do not watch the news, or read trade magazines, or use the Internet, the GDPR has strict guidelines, mixed with a whole lot of gray areas, regarding the use and storage of personal information of all EU Citizens. Moreover, as a fun addition, they include some monster-sized fines for those caught in violation.

But wait, you say. I am not an EU citizen, why am I getting barraged with emails? Well, it turns out it is pretty darn difficult to determine who is an EU citizen and who is not, based on existing data. After all, thousands and thousands of EU citizens currently reside in the US, and thus, using an address may not be enough. So, companies are playing it safe; and I applaud it, and so should you.

When all this talk of GDPR surfaced, years ago, I was initially shocked to learn that the USA is not considered a safe place to store personal data. After all, we invented the Internet… thanks, Al Gore. As CTO of SmartSearch, a leading Applicant Tracking System (among other things), we have always gone through great lengths to protect the privacy of the 80 million candidates and contacts we store for our clients. This is one reason no one received notice regarding our privacy policy changes: Our privacy policy already met the standards of the GDPR. I mention this only to emphasize my surprise when the EU indicated that the only way US companies can store personal information on EU citizens is by certifying the are compliant via Data Processing Addendums and PrivacyShield.gov Certification.

I will admit, when all this first came out, I thought “great, more useless regulation that will cost businesses billions and billions to comply with.” However, after receiving so many emails that notify me of privacy policy changes, I have changed my opinion. Suddenly, I find myself the beneficiary of these new policies and I like it. Several sites, of which I had asked to be removed from email lists in the past, finally, actually removed me from their records. Glorious! And while my company did not need to change its stated privacy policies, we did add additional consent language to our hosted career sites for all candidates, asking them to permit us to store their data. It also forced us to carefully review every aspect of our privacy policy to make sure we were doing everything possible.

While I, like many IT professionals, am not comfortable with all the gray areas (what exactly does a legitimate business need to store personal data?), I do think the technology industry needed a jolt to remind us all that we have a responsibility to protect the data we control. So, again, I say… thanks, GDPR from all of us in the USA.

LJ Morris

ljm@aps2k.com

LJ Morris is the Chief Technology Officer and partner in the firm Advanced Personnel Systems, makers of SmartSearch talent acquisition and staffing management software. LJ holds an MBA in Finance and a BS in General Business and Computer Science. As a strong advocate of the agile development environment, he believes the secret to survival in the technology world is the ability to remain fluid, and adapt on a moment’s notice. An admitted technology junky, LJ enjoys bridging the gap between technology and people.

No Comments

Post A Comment