How to conduct GDPR-compliant background checks

The General Data Protection Regulation (GDPR) is a regulation on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also governs the transfer of personal data outside the EU and EEA.

GDPR was adopted to strengthen individuals' rights over their personal data and to harmonise data protection rules across the EU. It applies to any organisation that processes personal data, and that includes employers, who hold intellectual property, personal data and sensitive financial records that can be compromised by malicious insiders, and who collect personal data on candidates in order to guard against that.

The question, then, is whether GDPR conflicts with the way you staff and hire. Most companies' background screening draws on some combination of the following:

  • Social network data collection
  • Criminal background checks
  • Verifying educational and professional credentials
  • Character references

So how do you ensure compliance and protect your organisation from GDPR infringements, which can result in costly fines? Start from the laws governing employment and data protection, and follow the process outlined below:

1. Establish a legal basis under the local laws

You must identify a legal basis for the processing before conducting a background check (or any other processing of candidate data). Consent is generally not regarded as an appropriate legal basis in the employment context because of the evident power imbalance between employer and candidate: under GDPR, consent must be freely given and as easy to withdraw as it was to give, and it is doubtful that a prospective employee can do either freely. In practice the basis is usually a legal obligation (where a check is required by law) or the employer's legitimate interests, which must be documented and balanced against the candidate's rights and freedoms.

2. Benchmark

To strike a balance between your company's needs and candidates' rights and freedoms, establish and document the business benefit of each check you perform, and benchmark against how comparable companies conduct theirs.

3. Keep data collection & processing to a minimum

Apply the data minimisation principle: limit your background checks, and the personal data you collect for them, to what is relevant and necessary for the role in question.

4. Uphold Transparency

Background checks on candidates must be conducted lawfully, fairly and transparently. Before you begin, tell the candidate what you will check, why you are checking it, and on what legal basis.

5. Specify data retention period

Keep data only for as long as is necessary to achieve the purpose for which it was collected. To determine which data must be kept or archived by law and which data can be erased, follow the storage limitation principle and research the local rules and employment laws that apply to you. When a candidate declines your offer, erase their data unless a legal retention requirement applies.

6. Control third parties

Control and monitor any third parties (such as partners or screening vendors) engaged in the process: set out their role in a written agreement, explain that role transparently to the candidate, and obtain sign-off before they collect personal information on your behalf.

To ensure compliance with GDPR, inform candidates about how their data will be processed before the recruitment process begins. Remember that to keep your background checks compliant and lawful, you must also take into account any applicable national laws and regulations.