What is Schrems II and why it concerns you as a recruiter (to the greatest extent)
Are you recruiting staff or will you be recruiting staff in the future? The probability that you answer yes to that question is very high. In today’s digital society where our personal data is very desirable, this also means a responsibility for you as an employer in how you handle a candidate’s personal information in the recruitment process. Schrems II is an addition to the GDPR that made the handling of personal data even more regulated, the new directive already came in the summer of 2020, but we can now see that companies are being audited to a greater extent that they comply with these laws – it affects you and your company more than you think.
Schrems II was born when the Austrian activist, author and lawyer Max Schrems sued Facebook for privacy violations because personal data was not protected at all according to the GDPR law. It turned out that the laws of other countries could override the GDPR and force them to share personal data. An example of that is the Cloud Act in the US – which was the opposite of what GDPR stands for.
This means that systems that contain personal data, for example in a recruitment tool, can no longer use non-European cloud providers or other systems that access personal data. Where, among other things, the largest suppliers such as Amazon, Digital ocean, Google cloud etc being disqualified and may not be used.
What many miss out on is that if you as a company violate the data protection regulation, the company may have to pay a fine of up to 20 million Euros or 4% of the company’s global turnover.
A good start to see if you are following the new directive is to start by investigating this:
- What recruitment system or recruitment tool do we have today?
- Which subcontractors or Cloud solutions do they use today that have access to the candidates’ personal data?
If the answer is that the cloud solution or the subcontractor is not European-owned, then you should check internally how you mitigate the risk of being audited.
Based on the Schrems II goal, Higher made the decision in autumn 2020 to move its entire mobile recruitment tool to a European cloud provider. As of February 1, 2021, there is no longer any connection to the USA. Regardless of whether you are a candidate and looking for a job through Higher or if you are a customer, you should always feel secure that Higher complies with the GDPR and acts responsibly in all situations. GDPR has become such an important issue and the supervisory authorities have started to act more clearly recently, so today IT providers cannot turn a blind eye to it anymore.
Do you want to know more about Schrems II? Read more here.
What will recruitment look like in the future? What can we expect to see more of in the future? Read Recruitment guide: The recruitment of the future today!