What is GDPR Compliance?

  • The GDPR (General Data Protection Regulation) is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. It became enforceable on May 25, 2018.
  • The GDPR replaces the Data Protection Directive (DPD 95/46/EC). It aims to give EU individuals control over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. It also addresses the transfer of personal data outside the EU and EEA areas.
  • Although GDPR is a regulation of the European Union, it affects businesses globally that process or manage the data of European citizens.

Decoding GDPR: Understanding Its Core Objectives

To put it simply, the primary objective of GDPR is to provide citizens of the EU with full protection against data breaches and enhance the privacy of their personal data. GDPR covers "personal data", a broad category that includes any information about an identifiable individual, who is known as a "data subject".

GDPR grants individuals, such as customers and citizens, various data subject rights that they can invoke under specific circumstances, though there are some exceptions.

Here are some of the major changes that will be implemented with the upcoming GDPR:

1. Enhanced Individual Rights

Under the GDPR, individuals in the European Union are granted enhanced rights, including the right to be forgotten and the right to access personal data held about them.

2. Obligations for Organisational Compliance

The GDPR instructs companies to establish suitable policies and security measures, perform privacy impact assessments, maintain comprehensive data processing records, and formalise agreements with third-party vendors.

3. Notification and Security for Data Breaches

The GDPR obliges organisations to report certain types of data breaches to relevant authorities and, in specific scenarios, to the individuals impacted. It also imposes additional security requirements on organisations.

How Does iSmartRecruit Align with GDPR Privacy Laws?

iSmartRecruit is fully committed to complying with the General Data Protection Regulation (GDPR), recognising our role as a data processor and the importance of this regulation in the landscape of data privacy.

GDPR, with its complex requirements, necessitates a comprehensive approach to compliance, and iSmartRecruit has undertaken a rigorous process to align our operations with these standards.

Here's a broad summary of the steps we've taken to ensure compliance with GDPR.

1. Appointing a Data Protection Officer

To ensure our adherence to GDPR, iSmartRecruit has appointed a dedicated Data Protection Officer. This role is central to our GDPR compliance strategy, overseeing the implementation of data protection measures and ensuring ongoing compliance.

2. In-Depth Research Analysis of GDPR Impact

We have conducted an extensive analysis to understand how GDPR impacts various aspects of our product and business operations. This involves scrutinising our data handling practices, assessing the data lifecycle, and identifying areas requiring enhancements to meet GDPR norms.

3. Revising our Data Protection Agreement (Privacy Policy)

Our Data Protection Agreement, also serving as our Privacy Policy, has been thoroughly revised. This update ensures that our policies are transparent, align with GDPR requirements, and clearly communicate our data processing practices to our users.

4. Strategising for GDPR Compliance

We created a comprehensive strategy that focuses on how to address the GDPR's impact on our product. This strategy is the blueprint guiding our adaptation to the evolving landscape of data privacy.

5. Product Improvements for Compliance with GDPR

We have made necessary improvements and modifications to our product, ensuring it meets GDPR requirements. Details of these changes are outlined in our “Acknowledging Data Rights” section, which demonstrates our commitment to upholding data subjects' rights under the GDPR.

6. Updating Internal Processes and Procedures

Internal processes and procedures have been thoroughly revised to achieve and maintain GDPR compliance. This overhaul ensures that every aspect of our operation, from data collection to processing and storage, adheres to GDPR standards.

7. Revising our Data Protection Agreement (Privacy Policy)

All changes and updates have undergone rigorous testing to verify and validate our compliance with GDPR. This step is crucial to ensure that our measures are not only theoretically sound but also effective in practice.

8. Communicating Compliance

Our commitment to GDPR compliance is transparently communicated through our website. This communication is part of our effort to maintain transparency with our users and stakeholders regarding our data protection practices.

How Does iSmartRecruit Protect Your GDPR Data Rights?

To guarantee our customers' privacy and security, here is a clear rundown of the eight key data subject rights under GDPR and the steps we've taken to support these rights effectively:

1. Right to Be Informed
  • Understanding Its Meaning
  • This right ensures that individuals can access transparent and precise details regarding the collection, processing, and usage of their data by a business, including who handles the data and the purpose behind it.

  • iSmartRecruit's Approach to GDPR Compliance
  • Whenever candidates apply for jobs through the job application page, iSmartRecruit provides an opt-in option accompanied by a privacy document which explains the usage of their data. In addition, when candidates are manually added to the system, it is the responsibility of the "Data Controller" to inform them about the data usage.

2. Right to Access
  • Understanding Its Meaning
  • This right entitles individuals to ask for and receive access to their personal data held by organisations.

  • iSmartRecruit's Approach to GDPR Compliance
  • iSmartRecruit facilitates this through our "Update Resume" feature. This feature enables you to provide candidates with a link through which they can view all the information you have on file about them. Also, it can be updated through the Candidate Self-Service Portal, where the candidate can log in with credentials and update the information.

3. Right to Rectification
  • Understanding Its Meaning
  • Candidates will now also have the ability to edit, update and rectify any missing, incorrect or outdated information that has been stored about them.

  • iSmartRecruit's Approach to GDPR Compliance
  • With our “Update Resume” feature, you can send your candidates a link that they can use to update their information or resume/CV. Also, it can be updated through the Candidate Self-Service Portal, where the candidate can log in with credentials and rectify the information.

4. Right to Erase
  • Understanding Its Meaning
  • This right empowers candidates to ask organisations to remove their personal data or to submit a “request to be forgotten,” especially if they wish to stop their data from being stored or processed.

  • iSmartRecruit's Approach to GDPR Compliance
  • Candidates can log in to the Candidate Self-Service Portal and submit an erasure request from the portal itself. On submission of the request, the system immediately marks the information as anonymous. Also, as a system admin, you can easily locate their record in iSmartRecruit and choose the delete option. This action promptly removes their record along with all related files. If the candidate's record is already associated with jobs, the system marks the candidate's information as anonymous.

5. Right to Restrict Processing
  • Understanding Its Meaning
  • This right allows individuals to ask for a limit on how their personal data is processed under certain conditions or scenarios. While data controllers can keep the personal data, they are not allowed to use it. Requests for restriction can be made either verbally or in writing, and organisations have one calendar month to respond to such requests.

  • iSmartRecruit's Approach to GDPR Compliance
  • In situations where a candidate requests not to have their profile deleted but rather have its use restricted – for instance, retaining their profile in your system but not contacting them about new opportunities or sharing their profile with hiring managers – iSmartRecruit provides a solution. Our system allows you to add a note against the candidates in a way that ensures they are neither forwarded to hiring managers nor contacted for any new job openings.

6. Right to Data Portability
  • Understanding Its Meaning
  • This right entitles individuals to move their data freely from one electronic processing system to another, as per their preference. Under the new GDPR guidelines, companies are required to accommodate such requests within 30 days. Examples include transferring profiles between social networks or switching cloud service providers.

  • iSmartRecruit's Approach to GDPR Compliance
  • To transfer data from iSmartRecruit, write to us at [email protected] and send a request for data backup. Our team will hand over your data in Excel format.

7. Right to Object
  • Understanding Its Meaning
  • The GDPR grants candidates the "right to object," meaning they can inform data controllers that they wish to stop the processing of their personal data. This right is often exercised in contexts like direct marketing, where data subjects prefer not to be contacted.

  • iSmartRecruit's Approach to GDPR Compliance
  • iSmartRecruit offers a feature where users can add notes and filter candidates and contacts who choose not to receive emails. This functionality facilitates an opt-out option for candidates and clients, ensuring they can easily withdraw from receiving communications from recruiters.

8. Rights in Relation to Automated Decision Making and Profiling
  • Understanding Its Meaning
  • The GDPR addresses decisions made entirely through automated processes, without human involvement, as well as the automated processing of personal data for evaluating aspects of an individual, known as profiling. Profiling may be a component of automated decision-making. The GDPR's rules are applicable to all forms of automated individual decision-making, including profiling.

  • iSmartRecruit's Approach to GDPR Compliance
  • In iSmartRecruit, every action, from submitting candidates for job openings to emailing contacts, is executed by a human user. This ensures that all decisions are made by individuals, not through automated systems, in compliance with GDPR requirements.

Enhanced Security Measures for GDPR Compliance

In the event of data theft or loss, particularly if the resulting data breach poses a risk of harm, the data processor is obligated to notify you promptly. This responsibility has become increasingly critical in light of recent malware incidents like WannaCry and Meltdown, emphasising the significance of this protection for individuals.

As a software company, iSmartRecruit always prioritises the security of our customers' data. Your sensitive data is encrypted and housed in top-tier data centres operated by Amazon Web Services (AWS). We utilise numerous AWS services to ensure regular data backups and availability.

We've made many modifications and taken significant steps to facilitate your adaptation to the changes brought by GDPR. Our goal remains to simplify recruiters' work with outstanding software while seamlessly integrating these new data protection measures.

Please note that the provided information is intended to offer an overview of how iSmartRecruit meets certain key GDPR obligations that you are legally required to fulfil under EU legislation.

For any questions, feel free to reach out to us at [email protected]
