Before delving into how background checks and GDPR work, and explore the guidelines that you, as an employer, need to follow, let’s first understand when and why background checks are necessary. Additionally, it’s important to differentiate between background checks and employment screening, as they involve different aspects. Understanding this difference will help determine which types of personal data are relevant for you to process.
Employment screening and background check
While recruitment and new hiring can be both exciting and time-consuming when it comes to paperwork, this paperwork is often a necessity in every recruitment process. In order to verify the person you are hiring, you will often need a Swedish identity number (or equivalent for international ID documents) to begin with. During the hiring process, you might have called the references of your new hires, checked their diplomas, and for some professions involving economy and finance (e.g., bank clerk), a background check of legal records is needed. This procedure is part of almost every hiring process; thus, it is highly recommended to process the candidate’s personal data in a secure and encrypted software program. This way, your organization can prevent data leakage and misuse by other parties.
When it comes to the terms ‘background check’ and ’employment screening,’ the key differentiation lies in their scope and focus. A background check primarily focuses on verifying the accuracy of the applicant’s history, they tell you who you are hiring by looking at their past. On the other hand, employment screening is a broader method to evaluate potential candidates. This includes background screening but also other assessments such as interviews, reference checks, skills tests, and drug screenings. In this sense, background checks and employment screening involve the responsibility of processing sensitive data.
Is it okay to do background checks according to the GDPR?
Yes, a background check performed in connection with new employment is permitted according to the GDPR. A legal basis for background checks is the legitimate interest. Your interest lies in the need to assess the integrity of the future employee and to ensure that the relevant minimum requirements are met.
The minimum requirements differ depending on the sector and role and can be, for example, educational requirements, qualifications of certain programmes, knowledge or work experience.
Download our White Paper on Background Checks and Privacy for more tips on how to carry out background checks and employment screening with regard to GDPR. Or contact us directly for more information.
Which personal data do you need to verify?
1. Identity information
This includes the applicant’s full name, date of birth, social security number (or equivalent), and any government-issued identification numbers.
2. Contact details
Employers typically collect the applicant’s address, phone number, and email address to facilitate communication.
3. Employment history
This involves gathering information about the applicant’s previous employers and job titles and dates of employment.
4. Educational background
Employers may verify the applicant’s educational qualifications, such as degrees, diplomas, and certificates, by requesting transcripts or contacting educational institutions.
5. Criminal records
Background checks may involve searching for any criminal convictions or pending charges against the applicant through official databases or third-party services.
How are background checks and privacy correlated?
The General Data Protection Regulation (GDPR) is the EU regulation that came into force in the European Union on 25 May 2018. The aim of GDPR is to protect individuals’ privacy and data, which is important in the context of a background check. According to GDPR, individuals have the right to know how their personal data is used and organisations are obliged to be transparent about how they collect, store and use this data.
Since the launch of GDPR, the same privacy rules for processing personal data apply across Europe. Forcing companies and governments to be more accountable for what they do with personal data is a good thing, but it does involve extra work and expertise. During a background check, it is important to be aware of the rules that apply to protect the person’s privacy.
What does the GDPR mention about background checks?
Conducting a background check is in itself an intrusion of someone’s privacy. Depending on the type of check, specific personal data is requested and checked. According to the GDPR, organisations that collect and process personal data must do so in a lawful, fair and transparent manner and have an obligation to protect this data from misuse and leakage. They must also inform individuals about how and why their data is being processed.
Integritetssäker bakgrundskontroll enligt GDPR med Validata
Three important GDPR guidelines you should keep in mind
In addition to the fact that there must be a legitimate interest to conduct a background check, there are some other guidelines that need to be followed. Here are examples of some of the most important ones that you should keep in mind before collecting and processing candidates’ personal data:
Our software Valluga is secure and we protect personal data both against loss and against unauthorized processing.
We have a data protection officer who is ready to challenge us on how we should process personal data and ensure compliance with all national and international laws and regulations. And all development naturally takes place with the help of built-in integrity.
We have ISO certification (27001 and 9001) which ensures that we always have high quality management and information security.
We can help with background checks in compliance with the GDPR
At Validata we guide you through the whole process. We protect the candidate’s personal data by complying with current legislation and can help your company with everything from setting up a screening policy to notifying the candidate that a background check will be carried out and what this will entail.
Through our many years of experience, we can advise your organisation and together ensure that you have a safe and secure work environment. With a pre-employment background check, you can be sure that the person you are hiring is who they claim to be. We guarantee that all data is verified as efficiently and securely as possible and in compliance with the GDPR.
Contact us for more information
Do you want to know more about background checks, GDPR and how we at Validata make sure that all personal data is handled according to current laws and regulations? You are more than welcome to contact us.
Contact us
Contact us
"*" indicates required fields
Contact us
"*" indicates required fields
Download the white paper
Download the white paper
Download the white paper
Contact us
"*" indicates required fields
Thanks for registering!
"*" indicates required fields
"*" indicates required fields