- 14 Apr 2021
What are some basic FAQs regarding international checks compliance?
- Updated on 14 Apr 2021
The resources provided here are for educational purposes only and do not constitute legal advice. We advise you to consult your own counsel if you have legal questions related to your specific practices and compliance with applicable laws.
What is the GDPR?
The General Data Protection Regulation, or GDPR, is a European Union (EU) law that came into effect on May 25, 2018. It is intended to harmonize the various data protection laws across EU member states, improve protections for individual personal data, increase the rights of individuals as it relates to their personal data, and address how businesses handle the personal data of individuals who use their services. The GDPR also, importantly, regulates the transfer of personal data from the European Union to the United States and its subsequent processing.
What types of information does the GDPR regulate?
The GDPR regulates the use of personal data of individuals by organizations operating within the EU as well as organizations outside the EU that offer goods and services to individuals or businesses in the EU. Personal data is defined as any information that can be used to directly or indirectly identify an individual. The GDPR also provides heightened protections for certain categories of sensitive personal data such as genetic and biometric information, religious beliefs, and sexual orientation, however GoodHire does not currently process such sensitive data.
How does the GDPR affect my rights with regard to my personal data?
The GDPR, when it applies, allows candidates who live in the EU to exercise a number of rights related to the personal data collected or processed by an organization, called data subject rights. Subject to certain criteria based on various applicable laws and regulations, not limited to the GDPR, these include: the right to access your data, the right to have your data deleted, the right to have your data rectified, the right to request your data in a format that is portable, the right to object to or restrict the processing of your data, and the right to withdraw your consent to process your data.
What steps has GoodHire taken to help make it possible for me as an EU-based candidate to exercise my privacy rights under GDPR?
GoodHire, as a Consumer Reporting Agency regulated by the Fair Credit Reporting Act in the United States, is already subject to significant regulation related to the collection, management, and retention of individuals’ personal data. As a result, we are well prepared to meet the requirements of a law like the GDPR, including fulfilling data subject rights requests. Specifically, in terms of the right to access, GoodHire provides all candidates with copies of their background check report. We also already have in place a dispute process that allows candidates to request that their data be rectified. Further, candidates can revoke their consent for a background check, thereby allowing for a process to restrict or object to processing. Finally, reports are available to candidates in electronic format for easy portability.
Note that all data subject rights requests will be subject to an analysis of how various applicable laws overlap and will be handled accordingly. In other words, GoodHire will fulfill data subject rights when we can contractually and legally do so. If GDPR or similar data protection law is not applicable, GoodHire affords the same US-based FCRA rights of access and rectification to all individuals we screen, regardless of location. EU-based candidates with further GDPR-related questions may reach out to us at firstname.lastname@example.org, but please note that we cannot provide legal advice.
Are there data protection laws applicable to me if I am in a non-EU international location?
Yes. Following the implementation of the GDPR in 2018, a number of countries followed suit and instituted or revisited their own data protection laws. Countries with similarly heightened protections and rights for individuals as of the date of publication of this Q&A include Israel, Switzerland, Brazil, and the United Kingdom. This list is likely to evolve in the coming months and years due to continued, heightened scrutiny around the use of individuals’ personal data. If you have specific questions related to a law in one of the non-EU countries, please reach out to us at email@example.com but please note that we cannot provide legal advice.
For more information about GoodHire’s commitment to privacy compliance, please visit https://www.goodhire.com/privacy, where we outline Goodhire's voluntary compliance with the Swiss and EU Privacy Shield Framework to demonstrate our commitment to sound data security and transfer principles, and much more.