Understanding International Privacy Rules
International privacy rules can be confusing and difficult to decipher. With common misconceptions and a lack of knowledge flooding business minds across the nation, this paper aims to provide a clear understanding of what the laws entail, who they apply to and how to remain compliant. The paper is divided into three parts: An Overview of International Privacy Laws, How to Ensure Your Company Complies With EU Guidelines, and Compliant Global Recruitment – A Tyco Electronics Case Study. This article is an overview of information and best practices; when considering international privacy rules, obtain specific legal guidance to gain a better understanding of the laws of the relevant country.
Part I
Overview of the International Privacy – Data Protection Directive
In 1995 the European Commission implemented the Data Protection Directive, or Directive 95/46/EC, to regulate the processing of personal data within the European Union. The Directive is based on three main principles: Transparency, Legitimate Purpose and Proportionality. These principles directly determine how personal data (i.e. candidate data) can be processed. The first principle, Transparency, states that the subject of the data must be informed about the following regarding the processing of his or her data:
- Who is processing it?
- When is it being processed?
- What is the purpose of its processing?
- Who will be receiving the data?
The second principle, Legitimate Purpose, states that personal data can only be processed if there is a specific and legitimate purpose for processing the data and that the data is not processed any further than these explicit specifications.
The final principle, Proportionality, states that the data must be accurate and up to date, and that data which becomes inaccurate or incomplete must be erased or rectified.[1]
What is the European Union?
The European Union consists of 27 member states that are committed to regional integration. These countries are located primarily in Europe and have come together for both economic and political reasons.[2] If your company receives candidates from countries within the EU, you are required by the European Commission to abide by their privacy rules.
Which countries are included in the EU?
Austria, Belgium, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, United Kingdom
Part II
Ensuring your Company Complies with EU Guidelines
First and foremost, do your research! Reading this white paper is your first step in becoming familiar with the European Union’s guidelines regarding HR data collection. Whether your company already operates on a global scale or is considering expansion, knowing what the laws include is the best way to ensure compliance.
Top Misconceptions about International Privacy Rules:
- If you do not have a physical operating presence in a country, their privacy laws do not apply to you
- Recruiting has to be active in order for the rules to apply
- If you receive a resume, but don’t consider it, you are not bound by the privacy rules of the applicant’s country
- If a company expands globally after the fact, it will not be held accountable for past transgressions [3]
How to Avoid Breaking Foreign Privacy Rules:
The best way to ensure compliance is to do your research. Understanding the laws of the countries you are operating in and/or receiving candidates from will facilitate your recruiting as well as ensure compliance. Once you’ve familiarized yourself with the guidelines, make sure your online career center has a privacy statement (similar to the EU’s Directive Principles) which clearly states what you will be doing with the collected information. Your company might also consider applying to the Safe Harbor list. The Federal Trade Commission oversees this program and to date, no company's procedures have been challenged as failing to meet these guidelines.[4]
What should you include in your privacy statement?
- Explain how and why you are collecting personal information
- State who will be viewing the applicant's personal information (or more importantly, who will not be viewing this information)
- Explain how and when the applicant can access their resume/CV during the candidate process
- Let the applicant know how long their information will be stored and why it’s being stored for that period of time
- Include information for applicants that are specifically applying from countries included in the European Union
- Include contact information for any applicant with questions involving their candidacy and/or international privacy laws
- Let applicants know if your business is a part of the Safe Harbor list [5]
What is the Safe Harbor list & how can your company be included?
The Safe Harbor list is made up of companies that have indicated to the Department of Commerce that they adhere to the safe harbor framework developed by the European Commission and Department of Commerce. The safe harbor provides guidelines for businesses located in the US on how to provide protection for personal data. After opting in, an organization must recertify every 12 months. It can either perform a self-assessment to verify that it complies with these principles, or hire a third party to perform the assessment. There are also requirements for ensuring that appropriate employee training and an effective dispute mechanism are in place. The guidelines are broken into the following 7 principles:
- Notice – Individuals must be informed that their data is being collected and how it will be used
- Choice – Individuals must have the ability to opt out of the collection and forward transfer of their data to third parties
- Onward Transfer – Transfers of data to third parties may only occur to other organizations that follow adequate data protection principles
- Security – Reasonable efforts must be made to prevent loss of collected information
- Data Integrity – Data must be relevant and reliable for the purpose it was collected for
- Access – Individuals must be able to access information held about them, and correct or delete it if it is inaccurate
- Enforcement – There must be effective means of enforcing these rules [6]
Part III
Compliant Global Recruitment – A Tyco Electronics Case Study
The Challenges
Tyco Electronics is a $14.4 billion global provider of engineered electronic components, network solutions, specialty products and undersea telecommunication systems with customers in more than 150 countries. Tyco designs, manufactures and markets products for customers in a broad array of industries including automotive; data communication systems and consumer electronics; telecommunications; aerospace, defense and marine; medical; energy; and lighting.
With approximately 75,000 dedicated employees working in manufacturing, sales and customer service, much of Tyco Electronics’ recruiting and hiring is done outside of the United States. Supporting locations throughout China, Japan, the Czech Republic, Germany, India, Australia and the United Kingdom, just to name a few, Tyco Electronics’ HR department was experiencing considerable difficulties unifying their team’s recruiting efforts. For example, although automated recruitment technology was being used successfully in the United States, archaic manual procedures were still in place across Tyco Electronics’ global offices. As a result, there was no single repository where the company could easily track and manage all positions and candidate activity. This lack of cohesiveness made it impossible to properly report on global metrics, which Tyco Electronics found to be cumbersome and frustrating, and an obstacle to improving HR processes. Tyco Electronics also wanted to ensure that they were remaining compliant in each of the countries they were recruiting in. With international privacy laws governing the transfer of data, especially with countries in the EU, Tyco needed a solution that would keep them compliant no matter what country they received candidates from.
The Solution
Decision makers at Tyco Electronics decided that it was time to do away with these frustrations and streamline their global recruiting processes. Wanting to coordinate their team’s efforts on a global scale, Tyco Electronics first looked to the recruitment technology that they had in place in the United States. Tyco Electronics was soon disappointed to learn, however, that their existing Talent Management provider was unable to execute globally and subsequently help with their compliance issues. After a study of the Talent Acquisition and Management marketplace, Tyco Electronics chose to make the switch to the iCIMS Talent Platform, which could simultaneously unify their processes, while also offering access across all international locations and promoting compliance.
The Results
Since implementing the iCIMS Talent Platform, Tyco Electronics has successfully streamlined and unified their Talent Management efforts on a global scale, significantly improving their team’s productivity by eliminating manual processes and coordinating international initiatives. With the help of the Talent Platform, Tyco Electronics is now able to track local currencies, manage international workflows, utilize flexible talent portals in multiple languages and run searches on any information in the system – all within one core solution. Additionally, team members now have the ability to produce real-time metrics across their global and domestic departments, locations and business units. The iCIMS team also enabled Tyco Electronics to develop a global plan for remaining compliant with International Privacy Laws – no matter what country they recruit in. From crafting data privacy statements to providing answers on data purging & EEO compliance, Tyco Electronics can now rest assured that their recruiting efforts are not only efficient, but compliant too. With iCIMS, Tyco Electronics has found a partner able to execute on a global scale functionally, technically and with round-the-clock international customer support.
How Can iCIMS Help?
iCIMS' suite of Hiring Management Systems helps corporations gain a competitive edge as they launch their International Talent Management Programs. iCIMS' established international clientele and experience in both implementing and supporting global hiring initiatives gives companies peace of mind during a global expansion that many competing vendors cannot offer.
iCIMS' solutions not only address domestic compliance and data privacy benchmarks, but they are also designed to consider international data transfer and privacy standards. Specifically, iCIMS is Safe Harbor certified, an important accreditation that addresses the European Union's requirements on international data security and privacy. This certification ensures that data is reliable, accurate, complete, and current to the specifications of the European Union. The flexibility of iCIMS' Talent Platform allows all companies to remain in compliance with international employment acts, including the European Union Employment Policy, PRC Employment Contract Law, Australian Standard Compliance Programs and much more.
To learn more about how iCIMS and the Talent Platform can be set up to help your organization come into compliance with International Privacy Laws, as well as help with other hiring management needs, please contact iCIMS at 1-800-889-4422 or take a look at an online virtual tour of iCIMS' Talent Platform at: http://www.icims.com/prelude/1065/9998
[1] European Union Law
[2] Europa: Basic Information on the European Union
[3] Do International Privacy Rules Apply to You?
[4] Eur Lex European Law
[5] https://jobs.boeing.com/help/privacy-statement.html
[6] Safe Harbor Overview
