Frequently Asked Questions about GDPR


Please take note, while PickJobs is doing everything it can to help you, as our client, we are not a law firm and we suggest you seek legal advice to ensure GDPR compliance.
Please also refer to our Privacy Policy and Terms and Conditions for more information.

1. What is GDPR?

GDPR stands for "General Data Protection Regulation". The GDPR came into force on 25 May 2018 for the purpose of examining the European and world data privacy framework.

2. What are the GDPR requirements?

All organizations and companies in Europe and in the rest of the world, must take measures to study the legislation and accordingly analyze the impact of GDPR on the activities they carry out.

Some of the most important requirements are the following:

Companies and organizations that regularly and systematically process personal data or monitor data subjects will need to provide a data protection officer.

  • Transparency 
    • You have a duty to be direct with customers, employees and others about how data is processed. This means you need to know what you are doing and why and be able to convey it in a clear and complete way. 
  • Data Privacy Impact Assessment (DPIA) 
    • If a new or existing activity results in a high risk to the rights and freedom of the individual, companies will need to take systematic measures of reviewing how they can best protect them. 
  • Deleting and portability of data 
    • Organizations and companies will need to provide systems that are able to delete unnecessary data or transfer it to another location, at the request of the users they relate to. 
  • Design that allows privacy by default 
    • These are safeguards to ensure the protection of personal information embedded in your processes and systems. 
  • Responsibility 
    • Compliance with the rules must be clearly stated, which means maintaining a reliable register of data processing activities. It also implies, in the event of a security breach, the ability to provide insight into what has happened and the preventative measures you take when reporting a security breach.

3. What does it mean for my company if it is not GDPR compliant?

Please take note, while PickJobs is doing everything it can to help you, as our client, we are not a law firm and we suggest you seek legal advice to ensure GDPR compliance.

Most of you have heard that the penalties have changed:

For serious misconduct (eg a major security breach when the organization has been subject to grossly inadequate safeguards), the maximum administrative penalty is up to 4% of global traffic, or € 20 million, whichever is greater.

For other breaches (eg inadequate record keeping or failure to report breaches of law), regulatory authorities will be able to issue fines of up to 2% of global traffic or € 10 million.

There is a direct right that allows data subjects the right to request compensation from a controller or data processor.
So, if the information was wrongly withheld or used and the individual suffered damage, the companies could be at the throes of legal services.

Finally, the reputational consequences of non-compliance are possible because sanctions and large fines issued by the regulator are available to the public. Staying compliant is crucial for any business that wants to maintain their reputation as a secure company in the digital market.

4. Who is GDPR related to?

GDPR applies to natural or legal persons, public authorities, agencies or other bodies processing personal data (processing during purely personal / household activities is excluded). How thoroughly GDPR affects you depends on the nature of your processing activities, but regardless of the size and shape of your business, it is likely to have an impact. If you are not sure if GDPR applies to you, it is best to assume that it is and seek legal advice.

5. How does GDPR affect companies outside the EU?

Non-EU companies must comply with GDPR if they process, manage or store personal data relating to EU data subjects or if they process personal data on behalf of EU companies. Regardless of your location and location of your business, if you do business with clients or organizations within the EU, your business must be GDPR-compliant.

6. How do I prepare my business for GDPR?

The necessary steps you can take are:

  • Awareness 
    • Key staff and decision makers need to be aware of changes in the law. At the time of implementation, it is important that all individuals involved in the preparation project are aware of their authority, responsibilities and duties. 
  • Copy of data
    • Thoroughly analyze data, their purpose, storage, generation and who are you sharing it with? Establishing the right visualization, mapping and management tools will help you with your organization. 
  • Appoint a Data Protection Officer 
    • Try to reduce the responsibility to as few people as possible, or choose who will take responsibility for upholding and enforcing the law. For larger organizations, this will involve appointing at least one DPO, for smaller organizations you will need to appoint a Data Protection Officer, and for single-person companies you will have to take the responsibility of understanding the GDPR and its determinants. 
  • Review security breach prevention procedures 
    • Ensure that you have the correct procedures for detecting, responding to and reporting violations in accordance with the Regulation. Provide a security audit to guarantee adequate safeguards.
  • Review and refresh the consent process 
    • See how you receive, record and manage consent. Consider whether any changes to your existing GDPR implementation procedures will be required. The same applies to your current privacy notices.
  • Ensure consumers have their data rights 
    • If you are processing an individual's personal information, you must enable them to exercise their rights. Analyze your infrastructure so that they can respond to requests such as: 
      • If the customer requests a copy of the information you have about them
      • If you are asked to delete their data or transfer it

GDPR and PickJobs

1. Who is responsible for complying with GDPR?

Initially, PickJobs is a data controller and we are responsible for processing the data on our web pages. Candidates search our site and give us "consent", applicable GDPR (through contract, lawful interest, or consent) to enable our clients to contact candidates for a specific job listing or access their CV from our CVDB. The moment you approach a candidate to help them apply for a job or download their CV from our CVDB, you become a data controller. At this point, you, as the data controller, must comply with the GDPR and you will need to provide individuals with the opportunity to exercise their rights. Specifically, you will need to provide them with specific information and, if you want to use the candidate's data for any purpose other than filling a specific vacancy, you will need to obtain your own GDPR approval form to continue using the candidate's identifiable information.

2. Do we have proper GDPR approval?

Check in our "Privacy Policy" which contract, consent, legal reasons and legitimate interest we use. When you access our CVDB to download a candidate resume, or if you use our candidate assistance tools, you can count on our processing fundamentals to establish communication with the customer for recruitment purposes. Anything that goes beyond these points, you must seek the consent of the candidate to use their personal information.

3. Where is the user's data stored?

If our companies are not based in the EEA, we also provide or are in the process of obtaining such certification with an appropriate level of protection through data processing agreements or Privacy Shield certification.

4. What security measures do we have in place?

All data is stored in a secure web hosting environment with restricted access. We have regular risk reviews, external environmental penetration tests and internal audits.

5. Do you have any other questions?

Do not hesitate to contact us at and we will endeavor to answer any additional questions. However, please note once again that we cannot provide legal advice to your business.

Download PickJobs mobile app

Download free PickJobs mobile app on your Android or iOS device, via Google Play Store or App Store and gain access anywhere, anytime.