With a go-live date of 25th May 2018, it is the final countdown to get your processes in alignment with the new General Data Protection Regulation (“GDPR”). Whether you are based in or have customers within the European Union, the GDPR will have an impact on the way that you do business. As such, many global businesses have been hard at work preparing for the upcoming changes. But is your business ready for the GDPR?
Our 2018 EMEA Employment Background Screening Benchmark Report revealed that only 69% of businesses were “fully prepared” for the GDPR. In the U.S. this figure was only 39%, with just 32% knowing the difference between the GDPR and the current Data Protection Directive.
GDPR White Paper
HireRight recently co-hosted a roundtable discussing GDPR in London with law firm Morgan, Lewis & Bockius. After the event we prepared a white paper entitled ‘The Global GDPR Countdown’, which is now available as a free download from our resource library. The paper contains an introduction to the GDPR and background screening, answers to 12 questions raised during the roundtable, and a case study on how HireRight has prepared for the GDPR.
Preparing for the GDPR
Since June last year, Caroline Smith, HireRight’s Associate General Counsel for EMEA and APAC, has been writing monthly blog posts covering key issues that will affect background screening under the GDPR, including:
• Candidate consent – New guidelines on how this must be obtained
• Data mapping – Where does your data go and who has access to it?
• Subject Access Rights (SAR) – Updates to Subject Access Rights for candidates
• The right to be forgotten – A candidate’s right to have information held on them removed
• Vendor management – Ensuring your company’s vendor management plan is up to scratch
• Privacy Impact Assessments (PIAs) – Assessing the risks of the data that you handle
• Data breach – Different types of data breach and the actions required if a data breach occurs
• Data transfers – How and where data can be transferred under the GDPR
• Security & technical measures – How HireRight’s security is prepared for the GDPR
• Data Processing Agreements (DPAs) – The agreement between data controllers and data processors regarding how data is handled
• Liability – The potential fines for data processors and data controllers for non-compliance
At HireRight we’ve been hard at work to ensure GDPR compliance and have invested significantly in our platform and IT infrastructure, adding new data centres in Europe and the US and obtaining ISO 27001 certification in EMEA.
We hope you find these resources helpful. Please do get in touch if you have any further questions about HireRight’s preparation for the GDPR.
Steve Girdler, HireRight Managing Director, EMEA and APAC