GDPR Information

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that took effect on May 25, 2018. It strengthens the protection of personal data in response to modernization, rapid technological developments, and complex cross-border data flows. GDPR gives individuals more control over their personal information and replaces older data protection laws with a single set of rules enforceable across all EU member states. At Balkan Outsourcing, we comply with GDPR to protect the data of our clients, candidates, and partners.

What Does GDPR Regulate?

GDPR strengthens and standardizes data privacy across the EU, imposing strict obligations on data controllers and processors. It requires:

  • Lawful, transparent processing of personal data.

  • Collecting only necessary data for clear, specific purposes.

  • Keeping data accurate, secure, and up-to-date.

  • Limiting data retention to what’s needed.

  • Restricting marketing and automated profiling without consent.

  • Ensuring secure data sharing with proper safeguards.

  • Demonstrating accountability through records and policies.

For Balkan Outsourcing, this means handling candidate and client data responsibly and transparently in our recruiting and outsourcing services.

What Counts as Personal Data?

Under GDPR, personal data includes any information that can identify an individual, such as:

  • Name, email, phone number, or address.

  • Online identifiers like IP addresses or cookies.

  • Sensitive data, including racial or ethnic origin, health records, or criminal history.

  • Even pseudonymized data (where identifiers are masked but could be re-linked) may be subject to GDPR if re-identification is possible. At Balkan Outsourcing, we treat all such data with the utmost care.

How Do We Ensure GDPR Compliance?

GDPR compliance is central to our operations at Balkan Outsourcing. Here’s how we ensure readiness:

  • Data Governance: We map data flows to understand what data we collect (e.g., candidate resumes), why we need it, and how long we keep it.

  • Security: We use access controls, and other technical measures to protect data.

  • Training: Our team is trained on GDPR requirements to handle data properly.

  • Risk Management: We conduct regular risk assessments and have a breach response plan in place.

  • Transparency: We provide clear information and respond promptly to data requests.

These steps ensure we maintain transparency and trust with our clients and candidates. For more details, see our Privacy Policy.

FAQs for Balkan Outsourcing Suppliers / Partners

How do I know if GDPR applies to the work my company performs for Balkan Outsourcing?

Balkan Outsourcing will provide you with a GDPR information package outlining your responsibilities. If you’re unsure whether your services fall under GDPR, please contact your Balkan Outsourcing representative or email us at privacy@balkanoutsourcing.com.

Is the GDPR contract a standalone document or an amendment to existing agreements with Balkan Outsourcing?

The GDPR agreement amends any existing contracts where your company processes EU personal data on our behalf. It is also a standalone document to ensure clarity and easy reference for GDPR obligations across various engagements.

Are there follow-on activities after the contract is signed?

Yes, GDPR compliance is ongoing. Your company must implement technical and organizational measures to protect EU personal data, monitor compliance, and ensure any sub-processors you use also comply with GDPR. Balkan Outsourcing may reach out with additional requirements or updates to support compliance.