Glassdoor · Glassdoor Privacy Policy · View original document ↗

GDPR Data Controller and Representative Designation

Medium severity High confidence Explicitdocumentlanguage Unique · 0 of 343 platforms
Share 𝕏 Share in Share 🔒 PDF
Monitor governance changes for Glassdoor Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

Glassdoor has formally designated legal entities to represent it under GDPR for users in the UK and EU, meaning those users have specific data rights they can exercise against these named entities.

This analysis describes what Glassdoor's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

Naming specific GDPR representatives means EU and UK users have clear entities to contact with data rights requests, complaints, or regulatory concerns, which is a meaningful compliance commitment.

Recent Activity

This document changed recently

Medium Apr 23, 2026

The updated policy grants EU, UK, and Swiss residents explicit rights to request access to their personal data held by Glassdoor in the United States, and to correct, amend, or delete that data. Glassdoor commits to responding to deletion requests within a reasonable timeframe and to obtaining explicit consent before sharing sensitive data with third parties or using data for purposes beyond the original collection. You can exercise these rights by following the instructions in the 'Controlling Your Personal Data' section of the policy.

View change record →
High Mar 19, 2026

The updated privacy policy removes explicit language granting users the right to correct, amend, or delete personal information held by Glassdoor. It also eliminates the documented right to opt-out before data is shared with third parties or used for purposes beyond the original collection. Previously, users could request limits on data use and disclosure; this right is no longer stated in the policy. Instead, the updated terms establish binding arbitration as the mechanism for resolving privacy complaints. Under the revised policy, users who have unresolved privacy concerns may invoke binding arbitration through TrustArc, but they no longer have contractually documented access to data correction, deletion, opt-out, or use-limitation mechanisms.

View change record →

Clause Stability Stable

0
Changes
3
Months Monitored
May 9, 2026
First Seen
May 22, 2026
Last Seen
This clause type exists across 3350 other provisions on other platforms.

Consumer impact (what this means for users)

EU users can direct GDPR data rights requests (access, deletion, portability, objection) to Glassdoor Hiring Solutions Ireland Ltd., and UK users can direct requests to Glassdoor Global Ltd., giving users specific and named points of contact for data rights enforcement.

How other platforms handle this

Garmin Medium

If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...

Ledger Medium

At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.

Strava Medium

We use information to enhance the quality, reliability, and/or accuracy of our AI Features by creating, developing, training, testing, improving, and maintaining AI and ML models run by Strava or our service providers. We use aggregated, de-identified data for this purpose. We also use personal info...

See all platforms with this clause type →

Monitoring

Glassdoor has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
Glassdoor LLC is the data controller for our services. Our representative in the UK for GDPR: Glassdoor Global Ltd. Our representative in the EU for GDPR: Glassdoor Hiring Solutions Ireland Ltd.

— Excerpt from Glassdoor's Glassdoor Privacy Policy

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

(1) REGULATORY LANDSCAPE: GDPR Article 27 requires non-EU/UK established controllers with EU/UK processing activities to designate a representative in each jurisdiction. The designation of Glassdoor Global Ltd. (UK) and Glassdoor Hiring Solutions Ireland Ltd. (EU) fulfills this requirement on the face of the policy. The UK ICO and EU Data Protection Authorities (led by the Irish DPC given the Irish entity) are the primary enforcement authorities. GDPR Articles 15-22 govern the data subject rights these representatives must facilitate. (2) GOVERNANCE EXPOSURE: Medium. The designation itself is standard compliance practice, but the operational effectiveness depends on whether these entities are properly resourced to handle data subject requests within GDPR timeframes (generally one month under Article 12). The Irish DPC's jurisdiction over Glassdoor's EU operations means it is the lead supervisory authority for cross-border processing matters. (3) JURISDICTION FLAGS: EU/EEA users have the right to lodge complaints with their local DPA even when the lead authority is the Irish DPC. UK users can file complaints with the ICO. Post-Brexit UK GDPR applies separately from EU GDPR, meaning two distinct compliance frameworks apply. (4) CONTRACT AND VENDOR IMPLICATIONS: The representative entities must be formally authorized under GDPR Article 27 and should have documented mandates. Legal teams should confirm that these entities are empowered to respond to regulatory inquiries on behalf of Glassdoor LLC. (5) COMPLIANCE CONSIDERATIONS: Data subject request workflows should be mapped to each representative entity and tested for timeliness and completeness. Complaint escalation paths to relevant DPAs should be clearly documented in internal procedures.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Monitor free for 14 days

Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Applicable agencies

  • State AG
    EU and UK users can escalate complaints to their national or local data protection authorities if data rights requests are not fulfilled by the named GDPR representatives.
    File a complaint →

Applicable regulations

CCPA/CPRA
California, USA
Colorado AI Act
US-CO
Connecticut Data Privacy Act Amendments
US-CT
CAN-SPAM
United States Federal
FTC Act Section 5
United States Federal
GDPR
European Union
Indiana Consumer Data Protection Act
US-IN
Kentucky Consumer Data Protection Act
US-KY
Universal Opt-Out Mechanism Expansion 2026
US
VPPA
United States Federal

Provision details

Document information
Document
Glassdoor Privacy Policy
Entity
Glassdoor
Document last updated
May 5, 2026
Tracking information
First tracked
May 9, 2026
Last verified
May 9, 2026
Record ID
CA-P-007148
Document ID
CA-D-00156
Evidence Provenance
Source URL
Wayback Machine
Content hash (SHA-256)
2329494347aff6e7bbcf6f8e7636d842732763f76f994262bac9365b89daa06f
Analysis generated
May 9, 2026 15:12 UTC
Methodology
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: Glassdoor
Document: Glassdoor Privacy Policy
Record ID: CA-P-007148
Captured: 2026-05-09 15:12:51 UTC
SHA-256: 2329494347aff6e7…
URL: https://conductatlas.com/platform/glassdoor/glassdoor-privacy-policy/gdpr-data-controller-and-representative-designation/
Accessed: July 1, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
Medium
Categories

Other risks in this policy

Related Analysis

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Start Compliance free trial

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Glassdoor's GDPR Data Controller and Representative Designation clause do?

Naming specific GDPR representatives means EU and UK users have clear entities to contact with data rights requests, complaints, or regulatory concerns, which is a meaningful compliance commitment.

How does this clause affect you?

EU users can direct GDPR data rights requests (access, deletion, portability, objection) to Glassdoor Hiring Solutions Ireland Ltd., and UK users can direct requests to Glassdoor Global Ltd., giving users specific and named points of contact for data rights enforcement.

Is ConductAtlas affiliated with Glassdoor?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Glassdoor.