This document is intended for informative purposes only. It does not constitute legal advice regarding the GDPR or any other matter, and may not be used or relied on for such purposes.
This guide is part of Comeet’s GDPR compliance options. See the overview here.
Generally speaking, the GDPR specifies that everyone who is in the EU is considered to be a data subject protected by the regulations. Comeet allows you to specify whether to apply GDPR protection to all candidates or only to candidates for EU positions.
Data Subject Settings
Visit your GDPR settings (Company settings > GDPR) to specify who should be considered as data subject. Select one of the following options:
- All candidates – consider this option if your company’s recruiting activities are mainly in the European Economic Area (EEA, explained below), or if you simply prefer to have GDPR protection apply across-the-board without differentiating between two different sets of candidates.
- Candidates for positions in EU locations – if your company’s recruiting activities are both in the EEA and in other regions, and you do not wish to extend GDPR protection to all candidates. If you choose this option, GDPR protection will apply depending on the location of the position (not on the location of the candidate).
EEA Countries protected by the GDPR
If you choose to provide GDPR protection to “Candidates for positions in EU locations”, Comeet’s GDPR functionality and automated rules will be applied to candidates if the location of their current position is in one of the following countries:
- EU countries – https://europa.eu/european-union/about-eu/countries_en
Note: It is important to verify that all company locations have their country properly defined.
What happens when a position changes its location from a non-EU country to an EU country, or when a candidate is moved from a non-EU position to an EU position?
Automatic processes for sending the privacy notice, requesting consent and automatic data removal will take effect within a day after a candidate has been redefined to be a data subject.
What happens when a position location changes from an EU country to a non-EU country, or when a candidate is moved from an EU position to a non-EU position?
Candidates will no longer be defined as data subjects protected by the GDPR. GDPR-related processes (such as the automated privacy notice, request for consent and automatic data removal) will not be applied on those candidates.
Have more questions? Contact us at firstname.lastname@example.org