Experts have noted that the landscape of global verification is more complex in the EU when compared to others. Against this backdrop of rigid data security and privacy laws, the GDPR regulations that will come into force from May of this year is all set to make background checks even more stringent.
In the service and delivery field, doing a criminal record check along with your usual background check is as important as it is complicated. The process of verifying the provided information, regarding an individual’s criminal records, has to be done with great care.
The General Data Protection Regulation (the GDPR) recognises the concept of Privacy by Design. Privacy by Design deals with data protection principles and states that the verifying agency must comply with data protection principles. It imposes an obligation on the data controller to implement appropriate technical and organisational measures to protect personal data against unlawful processing. It states that if personal information or an organisation are at risk, the data controller is responsible for carrying-out a data protection impact assessment, to evaluate the origin, nature and severity of that risk.
When GDPR is put into practice the verifying agencies carrying out background checks will have to tighten their processes. It will become a costly mistake if one does not anticipate any of the new ways in which that personal information can be placed at risk. Failure to comply with this new law may cost a company fines of up to 2% of annual turnover (worldwide) or €10 million (whichever is higher).
Now, there arises a need for a tool to determine and eliminate risks, prior to any new processes going live. DPIA – data protection impact assessment or PIA – a privacy impact assessment solves these issues by allowing privacy risks to be identified, understood and mitigated.
Dealing with large amounts of data is unavoidable while doing background checks for MNCs and international organisations. The following factors create a compelling need for rapid evolution of hiring practices.
- Changing requirements of the job market
- Candidates’ comfort throughout the verification process
Studies have shown that 56% of organisations reported that improving compliance is very beneficial to background screening practices, as it makes the candidate more comfortable with the process.
With these changing trends, a PIA can be used to help find the most effective way to comply with data protection obligations and check all the boxes in terms of privacy for the applicant and organisation.
Though these regulations are not yet mandatory, little steps towards complying with these regulations would help in the future to meet legal obligations.