Pre-Employment Screening & GDPR – Info Security & Compliance

Pre-Employment Screening and GDPR - Information security, risk, and compliance

The GDPR — or General Data Protection Regulation — is a set of European privacy rules that seek to protect European residents’ personal data. It was introduced to standardize data protection laws in countries belonging to the European Union. In particular, pre-employment screening and GDPR are now interlinked. To conduct such screening and checks, the employer must obey the rules and regulations.

Who Does It Affect?

GDPR will affect a variety of parties, whether they are European or not. There are three categories. The first is European companies that process personal data for background checks, whether or not the processing is done in Europe. The second is non-European companies offering services or goods to residents in Europe, which have to follow the GDPR as well, even if no payment is required. The last category is non-European companies that monitor the behavior of persons where that behavior takes place within the European Union. Therefore, all European Union citizens working in other territories or those planning to move and work in other countries are not affected.

How Does Screening and GDPR Work?

Employers must first ask applicants for consent before pre-employment screening commences. The applicant must give consent in clear language and be made aware of what information will be checked. After consent has been received, the company can then start the process. It is also possible to obtain consent several times for different checks, and the applicant must consent to each of them individually.

Should the applicant reject a pre-employment screening, the company should immediately cease all related checks. It is recommended that the company sit down and discuss with the applicant the reasons for restricting or rejecting the screening process. It is also important to note that the individual must be able to object as easily as consent is provided. This means that all it takes for the applicant to change their mind is to state that they object in plain and clear words.

A recently added right for applicants under the new screening and GDPR rules is the ability to transfer their personal data from party to party in some situations.

Common Types of Information Gathered

It’s important to note that not all of these categories may be required by every industry or company. Consult a reputable party about whether you need to obtain these different categories of information. As always, consent must first be obtained from the applicant.

Some of the information that a pre-employment screening might require includes the right to work, qualifications and skills, academic credentials, and criminal records. There are many more, and each of them has different requirements as well. Employers must be vigilant and aware of which practices are and are not allowed when collecting this data.

What are the Risks?

Before a company conducts a pre-employment screening, it must be aware of the restrictions and newer guidelines of GDPR. When third-party background providers are contracted to perform the data processing, there is room for risk. For example, the background checking company may be located in the USA, but the company the check is performed on behalf of is a European company. This means that the third-party company must comply with GDPR requirements. If the guidelines and rules are violated in any shape or form, there are heavy fines that can be 4% of yearly worldwide turnover or €20 million. The greater number is often chosen over the smaller fine.

A Focus on Compliance

What can be done to avoid the fines and risks? Companies are supposed to be aware of all the GDPR requirements. Their policies must reflect the guidelines and be updated frequently, as neglecting to do so may result in mistakes. Selecting only relevant information to be checked will also simplify the process. Doing so will prevent overstepping the bounds of what is allowed by GDPR rules and regulations.

If a position does not entail driving on behalf of the company, the pre-employment screening should not check for driving offenses. Only when the company is hiring for a truck driver should a check in this particular area be conducted.

It is also better to conduct a check at the later stages of recruitment. This will mean only successful applicants will undergo background checks, which will save time.


Screening and GDPR may be complicated, but both are intertwined and cannot be avoided. Seeking out a reliable company to provide screening services is the ideal solution. The right company is not only well-versed in GDPR requirements but also always up to date with new developments.