The GDPR, or General Data Protection Regulation, is a European privacy law that went into effect in May 2018. It regulates how personal data of individuals in the EU can be collected, used, and processed. The law impacts European companies, businesses that target European individuals, and those that collect, use, or process the personal data of European individuals. This means the GDPR will apply to most organisations that process personal data of EU individuals—regardless of where the business is established and where their processing activities take place.
The GDPR defines “personal data” as any information that can be used to directly or indirectly identify a person, such as a name, unique identifier, photograph, email address, or IP address.
The GDPR imposes the following principles-based requirements:
Organisations are assigned the role of data controller or data processor. Many organisations will qualify as both, depending on the relationship of the parties and specific data processing activities. This is how SourceWhale views those roles and associated responsibilities:
A “data controller” is the party that alone or jointly with others determines the purposes and means of the processing of personal data, and processes the personal data for its own purposes. While using SourceWhale to source candidates and/or clients, users (“you”) are the data controller because you determine the purpose (e.g. recruiting a candidate) and the means (using SourceWhale) of processing the personal data. Separately, SourceWhale is a data controller for the personal data associated with your SourceWhale account (e.g. your business contact information) because we control the means and purposes of this processing for our use: invoicing, to communicate information about your account and for other administrative functions.
SourceWhale is the “data processor” because we process personal data on your behalf under an agreement in which you tell us what data to process, for what purpose(s), how long we can keep the data, and any restrictions you impose on our use of the data.