The General Data Protection Regulation came into effect on 25th May 2018 and it caused a media frenzy, as well as increased anxiety for companies across all industries and sectors. Hardly surprising, considering that companies can expect to pay a maximum fine of €20 million or 4% of their global turnover should they be found to be non-compliant.
But now that the dust has settled and GDPR is yesterday’s news, how does it actually affect HR departments and what should recruiters be considering in order to comply when carrying out pre-employment screening?
The main aim of the GDPR is to give people more control over their data, as well as an understanding of why companies and organisations might be accessing it, what they are going to do with it and how individuals can limit or restrict its use.
In recruitment, GDPR aims to give candidates a better understanding of background screening as a process, by helping them see exactly what companies want to know about them and why.
Much of GDPR is focused around the idea of consent, and companies accessing personal data must have the explicit consent of the individual in question. This means that companies carrying out background checks must give candidates clear and concise information around the nature of the checks they carry out, and only carry out checks when explicit consent has been given.
Once that data has been collected, organisations need to be able to fully map the flow of the data: not just where it came from and where it ends up, but where it might go on its journey, and who might access it. This information should also be transparent to the candidate before consent can be given. Companies should have clear procedures in place for recording the flow of sensitive data and, in the event of a breach, for reporting the breach and tracking exactly how and why it happened.
Under GDPR individuals also have rights to object to the processing of their data, as well as request that their data be transferred from one organisation to another.
In a nutshell, GDPR means that all companies must be completely transparent and vigilant about how they gain access to, process and store data.
Using a dedicated screening provider can help ensure that you are GDPR compliant in your screening process. Working with a screening provider who has a full and comprehensive understanding of the GDPR and how it might affect procedures gives peace of mind to HR departments as well as providing the required transparency to the candidates themselves.