GDPR: What Happens Now? Chapter 4 – The Future of Background Screening
In this video, Steve Girdler, Managing Director for EMEA and APAC, and Caroline Smith, Associate General Counsel for EMEA and APAC, discuss what the future of background screening might look like under the GDPR.
Welcome to our fourth and final video in our series about the effects of the GDPR on the background screening industry. Our third video looked at how a background screening provider can help businesses adhere to the GDPR.
In this video, Steve Girdler, Managing Director for EMEA and APAC, and Caroline Smith, Associate General Counsel for EMEA and APAC, discuss what the future of background screening might look like under the GDPR.
Key Points
Clients, employers, and organisations, from small to regional to global, expect their screening partners to adhere to the robust and transparent policies that the GDPR requires.
The GDPR drives greater compliance, greater accuracy, and greater transparency in the background screening industry.
We have ring-fenced all our services, so if you’re in the EU, all your data is going to be hosted and processed in the EU.
It’s highly likely that we’re going to see some of the APAC countries band together and introduce a new legislation that’s similar to the GDPR, or at the very least, upgrade their current legislation.
In the UK, certainly post-Brexit, our legislation is going to marry the GDPR.
Chapter 4 – The Future of Background Screening
This video is the last of four bite-sized snippets where HireRight’s Steve Girdler and Caroline Smith discuss background screening in the world post-GDPR, in particular, the impact that the GDPR has and will have on the background screening industry.
Watch the video here.
The Future of Background Screening Under the GDPR Transcript
STEVE
In the world of GDPR, what do you think the future landscape of background screening looks like?
—
CAROLINE
I think that compliance drives everything, which is a really good thing. Using compliance to ensure that your systems and policies are robust is a real positive. The impact of this is that your candidates can feel much more secure with the process, in a way that perhaps they didn’t before the GDPR.
It is the great fear of the unknown that makes people feel shaky about the screening process, so the more we tell our candidates up front, the better. This is where compliance drives us to be transparent, to be helpful, and to be informative.
What do you think from a business perspective?
—
STEVE
Having frameworks and a focus on data privacy, transparency, and robust systems means that not only is it be adopted to a greater level throughout Europe and Asia, the demands on background screening providers like HireRight are also greater.
Clients, employers, and organisations, from small to regional to global, expect their screening partners to adhere to the robust and transparent policies that the GDPR requires.
This puts an onus on organisations like us, but I think it’s a really good process. It’s a robust framework within which we can provide services to those customers within the GDPR. It drives greater compliance, greater accuracy, and greater transparency in the industry.
—
CAROLINE
The GDPR creates a level playing field within Europe, and every single member state has implemented the GDPR – it’s a regulation.
There may be some changes, but on the whole, the legislation is the same in each EU member state, which means there’s no trying to find a better jurisdiction to bring a claim or a better place to do business – everyone is doing business in the same way.
Also, if you are a citizen of the EU or the European Economic Area (EEA), if your data is being processed by somebody outside of Europe, the GDPR has an extraterritorial effect. This means that US providers, for example, Amazon or Facebook, also have to comply with the GDPR.
This is really important because it allows businesses to do what they need to do but also gives that comfort to individuals as well.
—
STEVE
It’s about clarity and it’s about creating a level playing field. Let’s look more closely at our world, background screening.
—
CAROLINE
One of the things we’re watching out for is how candidates behave.
We’ve generally, especially in the UK, had a relatively apathetic view of our data. But as we see more and more GDPR coverage in the press, are we going to suddenly see candidates making claims, and wanting to investigate how their data is used.
There have been some very high-profile issues in 2018, which have brought data and how data is used to the forefront of people’s minds.
One of the biggest issues arising around the GDPR is how data is shared. So we ring-fenced all of our services, so if you’re in the EU, all of your data is hosted and processed in the EU. You don’t have to worry about that data being shared anywhere else.
The Impact of the GDPR in APAC
I think the biggest change ahead is possibly in the APAC region, looking to things like the GDPR in the near future.
We know in 2011/12, there was a spate of activities in APAC where their legislation was brought up to the same standards as the EU directive. It’s highly likely that we’re going to see some of the APAC countries band together and introduce new legislation that’s similar to the GDPR, or at the very least, upgrade their current legislation.
I think we’re also going to see that for any countries that have a current ruling of adequacy such as Canada and New Zealand. They will certainly be looking at their legislation to make sure that they retain their adequacy ruling and that they can bring their legislation up to the same standards as the GDPR.
This is all so that we can make sure that data can still freely flow around the globe, as it needs to do. Whether you’re a business or an individual, when you want to use services, the GDPR will help make sure that the right protections are in place around your data.
—
STEVE
The GDPR is the first step in what I think will be a global move around data privacy.
APAC will likely adopt this sooner or later, but ultimately, the GDPR has become the gold standard for data privacy and data protection – but globally we’re not there yet.
So, we built our systems, our IT, and our platforms to ensure that you can ring-fence your data, to be compliant with the GDPR.
If you are an EU resident, you can say that you don’t want your data going outside of the EU, and we can give that reassurance because that’s how we’ve built the systems.
If we use sources of data outside of the EU, then we’ll do so only with your consent. We’ll also just use that particular piece of data that needs to be verified. It’s not a huge amount of your personal data freely going around the world without your consent.
—
CAROLINE
It is important to make sure that you’re using legislation to drive your process and policies, and that you’re embedding it within your organisation.
This means that you can have a consistent approach to your service, with compliance engines driving in the background to allow you to deliver that compliance service that your clients and candidates want.
In the UK, certainly post-Brexit, our legislation is going to marry the GDPR. We’re already seeing that activity and the awareness within governments that this is the gold standard. The UK will need to step up and meet the GDPR’s standards if we’re going to continue to be a player in business and in commerce.
—
External GDPR Resources
Find out more about the GDPR and what it means for your business on the European Commission’s website.
You can also read more about the GDPR on the Information Commissioner’s Office (ICO) website.
HireRight GDPR Resources
GDPR: What Happens Now? Chapter 1 – Transparency
GDPR: What Happens Now? Chapter 2 – Background Screening Partners
GDPR: What Happens Now? Chapter 3 – Helping Businesses Adhere to the GDPR
Release Date: January 25, 2019
HireRight
HireRight is a leading provider of on-demand employment background checks, drug and health screening, and electronic Form I-9 and E-Verify solutions that help employers automate, manage and control background screening and related programs.