Welcome to our fourth and final video in our series about the effects of the GDPR on the background screening industry. Our third video looked at how a background screening provider can help businesses adhere to the GDPR.
In this video, Steve Girdler, Managing Director for EMEA and APAC, and Caroline Smith, Associate General Counsel for EMEA and APAC, discuss what the future of background screening might look like under the GDPR.
- Clients, employers and organisations, from small to regional to global, expect their screening partners to adhere to the robust and transparent policies that the GDPR requires.
- The GDPR drives greater compliance, greater accuracy and greater transparency in the background screening industry.
- We have ring-fenced all of our services, so if you’re in the EU, all of your data is going to be hosted and processed in the EU.
- It’s highly likely that we’re going to see some of the APAC countries band together and introduce a new legislation that’s similar to the GDPR, or at the very least, upgrade their current legislation.
- In the UK, certainly post-Brexit, our legislation is going to marry the GDPR.
Chapter 4 – The Future of Background Screening
This video is the last of four bite-sized snippets where HireRight’s Steve Girdler and Caroline Smith discuss background screening in the world post-GDPR, in particular, the impact that the GDPR has and will have on the background screening industry.
The Future of Background Screening Under the GDPR Transcript
In the world of GDPR, what do you think the future landscape of background screening looks like?
I think that compliance drives everything, which is a really good thing. Using compliance to ensure that your systems and policies are robust is a real positive. The impact of this is that your candidates can feel much more secure with the process, in a way that perhaps they didn’t before the GDPR.
It is the great fear of the unknown that makes people feel shaky about the screening process, so the more we tell our candidates up front, the better. This is where compliance drives us to be transparent, to be helpful, and to be informative.
What do you think from a business perspective?
Having frameworks and a focus on data privacy, transparency, and robust systems means that not only is it be adopted to a greater level throughout Europe and Asia, the demands on background screening providers like HireRight are also greater.
Clients, employers and organisations, from small to regional to global, expect their screening partners to adhere to the robust and transparent policies that the GDPR requires.
This puts an onus on organisations like us, but I think it’s a really good process. It’s a robust framework within which we can provide services to those customers within the GDPR. It drives greater compliance, greater accuracy and greater transparency in the industry.
The GDPR creates a level playing field within Europe, and every single member state has implemented the GDPR – it’s a regulation.
There may be some changes, but on the whole, the legislation is the same in each EU member state, which means there’s no trying to find a better jurisdiction to bring a claim or a better place to do business – everyone is doing business in the same way.
Also, if you are a citizen of the EU or the European Economic Area (EEA), if your data is being processed by somebody outside of Europe, the GDPR has an extraterritorial effect. This means that US providers, for example Amazon or Facebook, also have to comply with the GDPR.
This is really important because it allows businesses to do what they need to do, but also gives that comfort to individuals as well.
It’s about clarity and it’s about creating a level playing field. Let’s look more closely at our world, background screening.
One of the things we’re watching out for is how candidates behave.
We’ve generally, especially in the UK, had a relatively apathetic view of our data. But as we see more and more GDPR coverage in the press, are we going to suddenly see candidates making claims, and wanting to investigate how their data is used.
There have been some very high profile issues in 2018, which have brought data and how data is used to the forefront of people’s minds.
One of the biggest issues arising around the GDPR is how data is shared. So we ring-fenced all of our services, so if you’re in the EU, all of your data is hosted and processed in the EU. You don’t have to worry about that data being shared anywhere else.
The Impact of the GDPR in APAC
I think the biggest change ahead is possibly in the APAC region, looking to things like the GDPR in the near-future.
We know in 2011/12, there were a spate of activities in APAC where their legislation was brought up to the same standards as the EU directive. It’s highly likely that we’re going to see some of the APAC countries band together and introduce a new legislation that’s similar to the GDPR, or at the very least, upgrade their current legislation.
I think we’re also going to see that for any countries that have a current ruling of adequacy such as Canada and New Zealand. They will certainly be looking at their legislation to make sure that they retain their adequacy ruling and that they can bring their legislation up to the same standards as the GDPR.
This is all so that we can make sure that data can still freely flow around the globe, as it needs to do. Whether you’re a business or an individual, when you want to use services, the GDPR will help make sure that the right protections are in place around your data.
The GDPR is the first step in what I think will be a global move around data privacy.
APAC will likely adopt this sooner or later, but ultimately, the GDPR has become the gold standard for data privacy and data protection – but globally we’re not there yet.
So we built our systems, our IT, and our platforms to ensure that you can ring-fence your data, to be compliant with the GDPR.
If you are an EU resident, you can say that you don’t want your data going outside of the EU, and we can give that reassurance because that’s how we’ve built the systems.
If we use sources of data outside of the EU, then we’ll do so only with your consent. We’ll also just use that particular piece of data which needs to be verified. It’s not a huge amount of your personal data freely going around the world without your consent.
It is important to make sure that you’re using legislation to drive your process and policies, and that you’re embedding it within your organisation.
This means that you can have a consistent approach to your service, with compliance engines driving in the background to allow you to deliver that compliance service that your clients and candidates want.
In the UK, certainly post-Brexit, our legislation is going to marry the GDPR. We’re already seeing that activity and the awareness within governments that this is the gold standard. The UK will need to step up and meet the GDPR’s standards if we’re going to continue to be a player in business and in commerce.
External GDPR Resources
Find out more about the GDPR and what it means for your business on the European Commission’s website.
You can also read more about the GDPR on the Information Commissioner’s Office (ICO) website.
HireRight GDPR Resources
Read more about HireRight’s preparations for the GDPR in our 12-part blog series below.