Google may now be facing investigation for a potential breach of the General Data Protection Regulation (GDPR) after whistleblower complaints were filed with the United Kingdom’s Information Commissioner’s Office and Ireland’s Data Protection Commission in November and February, respectively.
According to complain Google’s gHire recruitment system may have held personal details such as names, phone numbers, emails, and résumés from applicants in the EU and UK that date back to 2011. Meaning that gHire system failed to delete old and unnecessary data as required by GDPR.
Google has responded by stating they deployed an automatic data delete tool last year in order to meet the requirements of GDPR. This was completed by the fall of 2021 following warnings to them. However, despite the deletions, this timeline could potentially leave Google in violation of the GDPR for four years dating back to when it came into effect in May 2018. Consequences for this can lead to potential fines of up to 4% of a company’s global annual revenues.