Where is your candidate data being stored?

In our digital world, with the increase in Big Data and the vast amounts of data now flowing across the planet, data centres and their security have become big business. Data centres and the rules surrounding their control have become more and more complex in the wake of GDPR and an increasingly scrupulous eye watching the international flow of data. Data centres must be reliable, secure and highly complex to be able to cope.

The security of candidate data must be treated with the greatest care, but to make things even more complicated, data privacy and security laws are different depending on where in the world the data is generated and stored.

Data is stored in data centres housing multiple computer servers and storage systems designed to keep data safe and accessible only to those with the right to access it. The location of the data centre, and therefore the location of the data itself, can create conflicting compliance needs. The EU has much stricter data privacy laws than other areas in the world, especially with the new GDPR coming into force last year, but how does that compare with areas, such as the US?

One of the main differences concerns ownership of data. Under GDPR the individual retains complete control of their data and has the right to deletion should they so wish. Companies accessing and storing data must be able to illustrate that they have a valid reason for doing so and have explicit permission to access data from the individual. In the US, data ownership usually rests with the company in possession of the data, and therefore data can be used according to state variation in privacy legislation and company terms of service.

EU privacy laws are universal across all 28 member countries of the EU, while US data centres are only bound by Federal privacy laws, other regulations can vary according to state laws.

In other areas of the world, differing legislation is in place. The government of India are currently discussing the Personal Data Protection Bill, which has been compared to GDPR in its design, including in matters of data ownership, control, and consent. In Canada, the new Personal Information Protection and Electronic Documents Act (PIPEDA) also protects individuals’ rights to access of their data, and for companies to obtain their consent to collect, use or disclose the data, but some people argue that the PIPEDA falls short against other data privacy laws around the world.

Varying international data privacy laws illustrate the need to use a reputable screening provider for your pre-employment screening to ensure that your candidate data is secure and is used in line with relevant data protection legislation.