Google may have broken both UK and EU data laws by holding onto the personal information of job candidates which should have been deleted.
According to reports in Fortune, the tech giant is under investigation from both the Information Commissioner’s Office in the UK and Ireland’s Data Protection Commission, following complaints from a whistleblower who alleges that Google’s gHire recruitment system held onto personal details including names, phone numbers, emails, and CVs from applicants in the EU and UK from as far back as 2011.
If true, this means Google has failed to comply with GDPR (General Data Protection Regulation) which requires confidential and personal data to be erased as quickly as possible and within a maximum of one year.
A Google spokesperson told Fortune: “We have tight policies, processes, and access restrictions to protect the privacy of applicants and candidates, which are in line with laws, including the GDPR.
Continue reading for FREE!
Sign up for a myGrapevine account to get:
- Unlimited access to News content
- The latest Features, Columns & Opinions
- A full range of specialist HR newsletters to choose from
UK
United States

