GDPR Summary

What is GDPR?

General Data Protection Regulation (GDPR) is a regulation on European Union (EU) law on data security and privacy for all individuals residing in an EU member state. The regulation primarily is in place to provide more control to an individual over the use of their personal identifiable data. GDPR will go into effect on May 25th, 2018.

What is personal identifiable information?

In relation to GDPR Personal Identifiable Information (PII) refers to any data that can be used to identify an individual. A few obvious examples would be and individuals passport number, mailing address, email address, or phone numbers. However, with updates to technology information such as IP address, social media posts, and behavioral data can also be considered PII.

Who should care about GDPR?

Companies based or have a large presence within the EU are most affected. However, any organization that requests or uses Personal Identifiable information from an individual within the EU should be interested in how that data is process and stored.

Does the GDPR require EU personal data to stay within the EU?

No, the GDPR does not require data to remain in the EU. However, it does required that an organization have valid transfer mechanism in place before it leaves the EU. One of these mechanisms is having a Privacy Shield Certification.

interviewstream And GDPR Compliance

interviewstream and all of its subsidiary products have taken the appropriate steps to be GDPR compliant as of May 25th, 2018.

interviewstream principles of Security and Privacy

At interviewstream we value the individual rights to privacy and security around personal identifiable information. Because of that we have implemented a set of Privacy Principles and Security Principles. These principles are what we use to make product and business decisions within our organization.

What steps is interviewstream taking to ensure GDPR compliance?

  • Reviewing vendor agreements – We are reviewing all of our agreements with any vendor we use to enhance the experience of our products for our customers. If adjustments are needed we are proactively making those adjustments and signing any data protection addendums that are relevant.
  • Ability to process outside of the EU – In order to properly process data outside of the EU, interviewstream has gone through the Privacy Shield Certification.
  • Making available a interviewstream Data Processing Agreement – If your use of interviewstream (or its subsidiary products) require the processing of personal identifiable information within the scope of GDPR you can request our DPA by contacting
  • Behind the scenes changes to ensure interviewstream products and services are GDPR compliant – This includes updates to interviewstream products and policies. We are also working with our engineering and technical support teams to ensure fast responses when our customers receive requests from data subjects for access, erasure, or rectification to their personal identifiable information. We also are implementing various policies to ensure any future product enhancements remain GDPR compliant.

What will interviewstream do if a data subject (candidate or user) has a request related to their data?

All requests can be submitted to However, the procedure is slightly different depending on if the data subject is a user (administrator, recruiter, manager, etc. with a interviewstream log in) or a candidate / student (or any individual submitting their data for the benefit of the interviewstream client).

If the requestor is a user of the platform we follow our internal procedures in handling the request. We will provide updates as to the erasure, access, or rectification of the data in question. All data requests can be emailed to with the following information:

  1. User First and Last Name
  2. User Email Address
  3. Account / Company of User
  4. Summary of data request (including details on whether the user needs access or if the data needs rectification or erasure)

All requests will be responded to within a timely manner.

If the requestor is a candidate / student a interviewstream support team member will reach out to the administrator of the account that is processing the data of the individual. It is up to the client to decide what steps they would like to take with the request.

What do I do if a data subject (candidate / student) has a request related to their data?

As the client you are the data controller. Meaning, it is your choice how you want to honor the request. If you would like to honor the request of the candidate / student please email with the following information:

  1. Your First and Last Name
  2. Your Email Address
  3. Your Company Name
  4. Candidates’ First and Last Name
  5. Candidates’ Email Adress
  6. Summary of data request (including details on whether the user needs access or if the data needs rectification or erasure)

Will interviewstream make adjustments to the Data Processing Agreement?

Our data processing agreement has been put into place to ensure GDPR compliance for both interviewstream and the signing parties of the agreement. However, if you have a concern with the agreement please email and we will do what we can to rectify your concern.

Additional information can be found in our Privacy Policy and Terms of Service. If you have any other questions or concerns related to GDPR, data security, or data privacy please email


interviewstream is dedicated to the success of more than 900 clients from K-12 school districts, emerging businesses, midsize companies, large enterprises, colleges, and universities.

SOC TYPE 2 Cetification Badge


877-773-3164 (USA Only)


© 2024 interviewstream | all rights reserved XML Sitemap