U.S. Employers Performing International Background Checks in EU Face GDPR Enforcement Starting May 25

Written By ESR News Blog Editor Thomas Ahearn

On May 25, 2018, enforcement of the General Data Protection Regulation (GDPR) – which has been called “the most important data privacy regulation in 20 years” – will begin and the GDPR will be the primary law regulating how companies protect the personal data of citizens in the European Union (EU). U.S. employers performing international background checks in the EU must comply with the GDPR or face penalties of up to four percent of annual global turnover or €20 million Euros ($23+ million Dollars).

The GDPR – which was approved by the EU Parliament on April 14, 2016 – will replace the Data Protection Directive 95/46/ec established in 1995 and is designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy, and to reshape the way organizations approach data privacy. The aim of the GDPR is to protect EU citizens from data breaches in an increasingly information-driven world vastly different from the time when the 1995 directive was established.

What organizations will enforcement of the GDPR affect starting on May 25, 2018? The GDPR not only applies to organizations located within the EU but it will also apply to organizations located outside of the EU if they offer goods or services to – or monitor the behavior of – EU data subjects. The GDPR applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location. The complete text of the GDPR is here.

The EU is an economic and political partnership between European countries that covers much of the continent of Europe. In alphabetical order, the 28 member countries of the EU include Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and the United Kingdom. More information on “Brexit” is available here.

Compliance with GDPR will require an even greater degree of information security from U.S. companies and will enhance the EU-U.S. Privacy Shield Framework officially launched on August 1, 2016. The Privacy Shield Framework was designed by the U.S. Department of Commerce and European Commission (EC) to provide companies that transfer personal data from the EU to the U.S. with a mechanism to comply with EU data protection requirements in support of transatlantic commerce.

The EU-U.S. Privacy Shield Framework – which replaced the “Safe Harbor” data transfer agreement between the EU and U.S. that was invalidated by a European Court of Justice ruling on October 6, 2015 – includes seven commonly recognized privacy principles combined with 16 equally binding supplemental principles that explain and augment the first seven principles. The 23 Privacy Shield Principles explain the requirements for the use of personal data received from the EU by participating organizations.

ESR Adheres to EU GDPR and EU-U.S. & Swiss-U.S. Privacy Shield Framework

Employment Screening Resources (ESR) – a leading global background check firm – has international screening solutions that incorporate fully compliant GDPR policies, procedures, and technologies to help employers screen EU residents under the new regulations. ESR has also self-certified its adherence to the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework with the U.S. Department of Commerce’s International Trade Administration (ITA). To learn more about ESR, visit www.esrcheck.com.

ESR has augmented its system to provide its clients with GDPR related tools. ESR can present and collect the consent from the subject for the Controller to obtain and process personal information. ESR can present any other client provided documents and/or country specific statements of rights and obtain an acknowledgment of receipt by the subject. ESR also supports the various rights of the data subject including but not limited to: Right to Information; Right to Access; Right to Rectification; Right to Restrict Processing; Right to Object; Right to Erasure; and Right to Data Portability.

NOTE: Employment Screening Resources® (ESR) does not provide or offer legal services or legal advice of any kind or nature. Any information on this website is for educational purposes only.

© 2018 Employment Screening Resources® (ESR) – Making copies or using of any part of the ESR News Blog or ESR website for any purpose other than your own personal use is prohibited unless written authorization is first obtained from ESR.