April 4th, 2018 | Sterling
The European Union (EU) will soon have a new data privacy regime in place. On May 25, 2018, the General Data Protection Regulation (GDPR) goes into effect, changing the rules around protection of Europeans’ personal data. The GDPR was introduced to harmonize existing data protection laws across Europe, strengthen data protection rules in the digital age, and ensure consistency for individuals and businesses.
Sterling Talent Solutions has been working diligently since the law was first drafted to ensure we are GDPR compliant. We have prepared a 10-part series of webinars, a checklist, FAQs with common GDPR questions, and blog posts to help educate our readers about their obligations under the GDPR and to prepare their background screening program.
The General Data Protection Regulation will replace existing national data protection legislation in the EU Member States, such as the UK Data Protection Act 1998, and introduce new requirements for European businesses as well as some that are outside of the EU. It also alters some existing concepts, which means that businesses will need to review their existing processes to make sure they are compliant. The GDPR will apply to:
The GDPR will generally only apply to employee screening programs that are already subject to EU law. The General Data Protection Regulation will generally not apply to the following screening activities:
If you are not sure if the GDPR applies to you, please consult with your privacy office or seek legal advice.
There are some notable changes that organizations will need to keep in mind when working with personal data subject to the General Data Protection Regulation. Below are just a few of the components of the GDPR that may impact employment background checks:
For a company that relies on background screening information for its hiring process, it is recommended to have a background screening policy in place. Organizations need to understand how third-party companies process data on their behalf to make sure their privacy notices, policies and contracts align with General Data Protection Regulation requirements. For an employment screening program, the GDPR will generally apply only to companies operating and hiring locally in European countries subject to the GDPR. For programs that screen people other than employees, the GDPR may apply to data collection from Europe, even if the company does not operate there. To understand whether and how the GDPR applies to your screening program, Sterling recommends that you consult your legal counsel or privacy officer.
Background checks can involve significant personal data processing, so careful GDPR compliance is crucial. It is important for businesses to raise awareness of the changes, review current privacy notices and background screening policies, and consider the appointment of a Data Protection Officer (DPO) where needed. Failure to comply with the GDPR could result in fines of up to 4% of annual worldwide turnover or €20 million, whichever is greater.
Sterling will be sending out client communications with further details that could require action if the GDPR applies to your screening program. Some changes for Sterling clients include signing a Data Processing Agreement (DPA) and reviewing a new sample privacy notice. Download the complimentary “General Data Protection Regulation and Background Checks: Considerations for Employers” checklist today to help your company prepare for the GDPR.
This publication is for informational purposes only and nothing contained in it should be construed as legal advice. We expressly disclaim any warranty or responsibility for damages arising out of this information. We encourage you to consult with legal counsel regarding your specific needs. We do not undertake any duty to update previously posted materials.