Blog Image
Profile Image Verifile
January 31 2018

Background Screening and GDPR Compliance: What You Need to Know

As you will be aware, GDPR (General Data Protection Regulation) is to be adopted from the 25th May 2018. We wanted to let you know exactly what this means for your background checking process with Verifile. 

Simply put, it is business as usual in the way we manage your data, so there is no need to be concerned. Nothing is going to change in the way we deliver our service to you, we are changing our contracts and some of our policies to incorporate the new regulations.

Although our service is already compliant in the way we carry out your screening, we wanted to assure you that we take the regulations seriously. We have appointed GDPR experts Shoosmiths, and we are working closely with their dedicated Data & Privacy team to ensure our process and contracts reflect the new regulations. Over time we will be sending you an updated contract that reflects the changes.

Sebastian Price a Partner at Shoosmiths “We’re excited about working with Verifile, a leader in screening services, and we’re impressed with how they’re dealing with GDPR"

 

Data security is and has always been of paramount importance to us, and we already hold several certifications in data security giving you the highest level of security possible.

Our Data Security Certifications include:

ISO 27001 Demonstrating the management and protection of valuable data and information assets.

ISO 9001 The international standard that specifies requirements for a quality management System.

Cyber Essentials Plus This means our systems are independently tested, along with Cyber Essentials being integrated into our organisation’s information risk management processes.

NSI Gold All personnel within Verifile have been security screened to British Standard 7858. Our screening services are independently certified to NSI Gold.

All of our data is stored in the UK, where on-site and off-site backups are fully maintained. All backups are encrypted and held within a secure, alarmed environment.

Our privacy notices are being reviewed by Shoosmiths to ensure we comply with the level of openness and transparency required under the GDPR. We are also reaching out to our suppliers to adjust contracts to make sure our relationship with them is compliant and to take another opportunity to ensure that they have appropriate security measures in place.

Here is a quick overview of what GDPR is and what actions are required to ensure your screening program remains uninterrupted going forward.

What is GDPR and does it apply to me?

The GDPR is a new, EU-wide privacy law that generally applies to businesses operating in, or selling products and services into the EU. It supplements the country-by-country laws that are in place today. GDPR generally applies to all personal data collected by European companies, and may also apply to data collected by non-EU companies for employees and applicants who will be working in the EU.

The GDPR likely does not apply to non-EU companies that are either: (1) screening EU citizens living outside of the EU for work outside of the EU; or (2) employees or applicants currently in the EU who are being screened before moving to the U.S, Canada or elsewhere to work. 

Please note that if you are not sure whether or not the GDPR applies to you, please consult your privacy officer or seek legal advice. Verifile cannot provide advice specific to your situation.

If GDPR does apply to you, your next step will be to sign a data processing agreement (DPA) with Verifile. We will send the DPA to you via email in due course. We’ll also email you again with more information about this step nearer the time. Due to the unique nature of Verifile’s data processing activities, we offer a standardised screening-specific DPA that is not available for customisation.

Where can I get more information on GDPR?

We will send out another email to give you more details about the actions you’ll need to take about the DPA step outlined above. In the meantime, you can find frequently asked questions about GDPR here.

We’re really keen to make sure you understand GDPR and any implications for you - so should you have any questions or concerns, please do reach out to your Verifile Account Manager, or contact our client services on 01234 339350