All Collections
Technical and Account Management
Data Protection and Compliance
GDPR and CCPA Compliance and Protecting Candidate Data
GDPR and CCPA Compliance and Protecting Candidate Data
Stefan Zivanovic avatar
Written by Stefan Zivanovic
Updated over a week ago


In the current digital era, data protection and privacy have never been more critical, especially when it involves personal information collected during recruitment processes. At ShortlistIQ, we prioritize not only the efficiency and accuracy of our AI recruitment assistants but also the rigorous protection of candidate data in accordance with global privacy laws such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Here's a deeper dive into what these regulations mean and how ShortlistIQ ensures compliance, maintaining trust and security for both our clients and their potential candidates.

1. What is GDPR and Why is it Important?

The General Data Protection Regulation (GDPR) is a privacy and security law drafted and passed by the European Union (EU) that came into effect on May 25, 2018. It imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. The GDPR is designed to give individuals control over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. Compliance is critical as it shows an organization's commitment to protecting customer and employee data, with heavy fines imposed for violations.

2. What is CCPA Compliance and Protecting Candidate Data and Why is it Important?

The California Consumer Privacy Act (CCPA), effective as of January 1, 2020, is a state-wide data privacy law that regulates how businesses all over the world are allowed to handle the personal information (PI) of California residents. Like the GDPR, the CCPA is aimed at enhancing privacy rights and consumer protection. It grants California residents new rights regarding their personal information and obliges businesses in compliance to respect these rights. This act is significant as it sets a precedent for future privacy legislation in the United States and emphasizes the importance of treating candidate data with the utmost care and respect.

Return to Top

3. How Does ShortlistIQ Adhere to GDPR?

  • ShortlistIQ's Adherence to GDPR as Data “Controllers”

    As data controllers, ShortlistIQ takes full responsibility for ensuring that the purpose and means of processing personal data are compliant with GDPR. We ensure transparency with our users regarding how their data is being used and protect it with the highest security measures. Consent is a cornerstone; we ensure that explicit permission is obtained before any personal data is processed.

  • ShortlistIQ's Adherence to GDPR as Data “Processors”

    In situations where ShortlistIQ acts as a data processor, executing data processing on behalf of a data controller, we comply strictly with the guidelines set by GDPR. This includes processing data solely for the agreed purposes, ensuring data security, and aiding controllers in their compliance duties, such as fulfilling rights requests from individuals.

4. How Does ShortlistIQ Adhere to CCPA Compliance?

ShortlistIQ also respects and complies with the CCPA by providing California residents the right to know about the PI collected about them and how it's used and shared. We ensure the right to delete personal information collected and the right to opt-out of the sale of their personal information. Moreover, ShortlistIQ is committed to equal service and price, not discriminating against those who exercise their CCPA rights.

At ShortlistIQ, your trust is our top priority. Our AI-driven platform is designed not only for efficiency but with a staunch commitment to GDPR and CCPA compliance, ensuring candidate data is protected and handled with the utmost care. Our adherence to these regulations is detailed further on our Data Security page, where we invite you to learn more about our practices. Please visit Privacy Policy and Data Protection for comprehensive information on how we protect your data.

For more detailed information about the GDPR and CCPA, you can refer to the official sites and, respectively.

Did this answer your question?