Two Weeks To Go Until the GDPR Takes Effect

Posted · Add Comment

With a go-live date of 25th May 2018, it is the final countdown to get your processes in alignment with the new General Data Protection Regulation (“GDPR”). Whether you are based in or have customers within the European Union, the GDPR will have an impact on the way that you do business. As such many global businesses have been hard at work preparing for the upcoming changes. But, is your business ready for the GDPR?

Our 2018 EMEA Employment Background Screening Benchmark Report revealed that only 69% of businesses were “fully prepared” for the GDPR. In the U.S. this figure was only 39%, with just 32% knowing the difference between the GDPR and the current Data Protection Directive.

GDPR White Paper

HireRight recently co-hosted a roundtable discussing GDPR in London with law firm Morgan, Lewis & Bockius. After the event we prepared a white paper entitled ‘The Global GDPR Countdown’, which is now available as a free download from our resource library. The paper contains an introduction to the GDPR and background screening, answers to 12 questions raised during the roundtable, and a case study on how HireRight has prepared for the GDPR.

Preparing for the GDPR

Since June last year Caroline Smith, HireRight’s Associate General Counsel for EMEA and APAC, has been writing monthly blog posts covering key issues that will affect background screening under the GDPR including:

Candidate consent – New guidelines on how this must be obtained

Data mapping – Where does your data go and who has access to it?

Subject Access Rights (SAR) – Updates to Subject Access Rights for candidates

The right to be forgotten – A candidate’s right to have information held on them removed

Vendor management – Ensuring your company’s vendor management plan is up to scratch

Privacy Impact Assessments (PIAs) – Assessing the risks of the data that you handle

Data breach – Different types of data breach and the actions required if a data breach occurs

Data transfers – How and where data can be transferred under the GDPR

Security & technical measures – How HireRight’s security is prepared for the GDPR

Data Processing Agreements (DPAs) – The agreement between data controllers and data processors regarding how data is handled

Liability – The potential fines for data processors and data controllers for non-compliance

At HireRight we’ve been hard at work to ensure GDPR compliance and invested significantly in our platform and IT infrastructure, adding new data centres in Europe and the US and obtaining ISO 27001 certification in EMEA.

We hope you find these resources helpful. Please do get in touch if you have any further questions about HireRight’s preparation for the GDPR.

Steve Girdler, HireRight Managing Director, EMEA and APAC

Steve Girdler

Steve Girdler

Steve Girdler is HireRight’s Managing Director for EMEA and APAC, responsible for growing HireRight’s client base and capabilities in the regions, with offices in various locations including UK and Poland.

More Posts - Website

Follow Me:

The HireRight Blog is provided for informational purposes only and should not be construed as legal advice. Any statutes or laws cited in this article should be read in their entirety. If you or your customers have questions concerning compliance and obligations under United States or International laws or regulations, we suggest that you address these directly with your legal department or outside counsel.

Comments are closed.