GDPR: What Happens Now? Chapter 2 – Background Screening Partners
In this post, Steve Girdler, Managing Director for EMEA & APAC, and Caroline Smith, Associate General Counsel for EMEA and APAC, discuss what companies are looking for from their background screening provider when it comes to the GDPR.
Welcome to our second video about the effects of the GDPR on the background screening industry. The first video – Chapter 1 – Transparency – talked about the importance of transparency in the background screening industry under the GDPR.
In this video, Steve Girdler, Managing Director for EMEA & APAC, and Caroline Smith, Associate General Counsel for EMEA and APAC, discuss what companies are looking for from their background screening provider when it comes to the GDPR.
Key Points
Companies are predominantly looking for a partner who understands the legislation and has embedded it within the organisation.
HireRight has agreements in place with its customers that set out all our obligations with respect to the GDPR.
Customers are really looking for partners that understand that the GDPR, if used correctly, can be a good thing.
Article 28 Obligations mean that a data processor is required to inform a data controller if they’re doing something they shouldn’t be, for example, if they’re in breach of the GDPR.
We often think of GDPR as a legislation regulation for Europe, but of course, it is extra-territorial.
The GDPR essentially means that if you’re processing data anywhere in the world, but it belongs to an EU resident, you must comply with the GDPR.
Screening under the GDPR must still meet other regulation requirements, for example, the Fair Credit Reporting Act (FCRA) in the US.
There are many regulations around the world that may have an impact on your business. Having a partner that understands that and has embedded them into the process is critical.
Chapter 2 – Background Screening Partners Video
This video is the second of four bite-sized snippets where HireRight’s Steve Girdler and Caroline Smith discuss background screening in the world post-GDPR, in particular, the impact that the GDPR has and will have on the background screening industry.
Watch the video here.
Background Screening Partners Under the GDPR Transcript
—
“What are companies looking for from background screening partners when it comes to the GDPR?”
—
CAROLINE
Predominantly, companies are looking for a partner who understands the legislation and has embedded it within the organisation. Now, what does that mean?
This means:
we’ve got robust policies in place
we manage our vendors and understand what our vendors are doing with data
we know where data is flowing to
we’ve done our data maps
we’ve agreements in place with those customers that set out all our obligations in respect to the GDPR
.
On top of that, customers are really looking for partners that understand that the GDPR, if you use it in the right way, can be a good thing. It can bring screening to a place where candidates are no longer fearful of their backgrounds being checked, enabling candidates to really fully understand what the process is.
STEVE
So, it’s really reassurance and confidence that a company they’re partnering with not only has all the policies and procedures in place, but actually has it at the heart of what they do and are genuinely able to be partners not just with them as organisations, but with their candidates.
CAROLINE
Yes, that’s right. One of the biggest changes under the GDPR is that processes have specific obligations, called Article 28 obligations. Talking about partnership, one of those articles under Article 28 talks about a data processor letting a data controller know if they’re doing something they shouldn’t be, for example, if they’re in breach of the GDPR.
Now, for us, that means that we must let our clients know if what they’re asking us to do is not lawful. However, it starts way before we get into the actual process: it starts at the point of sale.
We partner with all our customers to make sure that they understand
the products that are being sold
the products that are available
how they can be used in different jurisdictions
how they should be used with respect to different candidate pools
In this way, we can really support our customers with their GDPR compliance in a way that might not necessarily have been envisaged to start with. It’s certainly not black letter law, but it is that partnership and really helping people unravel what they need to do.
STEVE
You make a really interesting point there about the global nature of data. We often think of GDPR as a legislation regulation for Europe, but of course, it is extra-territorial. Every country has different laws and regulations, as well as legal structures around what you can and can’t do, and what you can and can’t source for the purposes of recruitment or screening. So being able to understand and have a partner like HireRight that understands what all of those complexities are and feeds that into the process is critical.
CAROLINE
The GDPR essentially means that if you’re processing data anywhere in the world, but it belongs to an EU resident, you must comply with the GDPR.
One of the big areas of this partnership for us is where we have customers that are located outside of Europe. That could be in the US, it could be APAC, where actually, you’re hiring expats, people from countries like the UK, France, or Germany. Helping those customers understand what their GDPR compliance obligations are and having them embedded within our platforms is really important. It means that you can feel like you’ve got a safe pair of hands making sure that you’re not going to fall foul of those laws because you’re going to have your own local obligations as well.
In the US, for example, we have the Fair Credit Reporting Act (FCRA). You must comply with that, but as well, you need to make sure that if your candidate is an EU resident, you’re screening them to GDPR standards.
STEVE
There are so many regulations around the world. Having a partner that understands that and has embedded them into the process is critical.
Release Date: November 9, 2018
HireRight
HireRight is a leading provider of on-demand employment background checks, drug and health screening, and electronic Form I-9 and E-Verify solutions that help employers automate, manage and control background screening and related programs.