How Will the GDPR Affect Your Social Media Screening Policy?

The technique of observing a job applicant's profiles and activity on social networking sites such as LinkedIn, Twitter, Facebook, Instagram, WhatsApp, and others is known as social media background screening.

The objective is to find out more about the applicant's past and establish if there is anything the organisation should be aware of before hiring them.

Social media screening enables businesses to gather an overview of the candidate by providing both negative and positive perspectives about them, empowering them to make better hiring decisions.

Irrespective of how common social media screening has become, the European Union (EU) is asking that businesses cease unless they meet a stringent new set of requirements that do not stop at the borders of its 28 member countries.

Definition of GDPR and who can get affected by GDPR

The UK Data Protection Act 1998 and other national data protection laws will be replaced by the General Data Protection Regulation (GDPR), which will also impose new regulations on certain organisations operating in the EU and others outside of it.

Additionally, it modifies several accepted ideas, so companies will need to assess their current procedures to ensure compliance. The GDPR is implied to:

• EU-based organisations that process personal data, irrespective of whether that processing occurs within the EU.
• Organizations from outside the EU that give goods or services to individuals in the EU without charging a fee.
• Non-EU organisations that keep an eye on people's actions in the EU.

Only personnel screening procedures that are already covered by EU legislation will be subject to the GDPR. The following screening procedures will be exempt from the GDPR:

• Screening EU nationals for employment outside the EU before recruiting them.
• Screening potential hires or employees who currently live in the EU but plan to relocate to the US, Canada, or another country for employment.

Impact of GDPR on Social Media Screening

The GDPR (Global Data Protection Regulation) is a set of rules which gives individuals control over their personal data and establishes a basic set of standards for all firms collecting, managing, and transferring individuals' personal data.

Individuals must agree to the processing of their personal data, and organisations that violate the new legislation may face fines of up to 4% of their annual global turnover or €20 million, whichever is larger.

Employers are also required by the GDPR to access social media accounts only when the data being sought is relevant to the employment being applied for.

The set of regulation advice organisations that prior to inspecting a social media profile, the employer should consider if the applicant's social media profile is linked to business or private reasons, since this might be an essential indicator for the legal validity of the data inspection.

Complygate Social Media Screening has been actively working to ensure GDPR compliance since the regulation was first drafted.

Risks associated with internal social media screening

Internally doing social media background checks has a lot of hazards. Restricted factors (including ethnicity, sexual orientation, and political attitude) are mistakenly revealed to internal personnel by searching through a candidate's social media sites.

Making employment decisions based on these qualities is inappropriate on both a legal and ethical level, whether it's done intentionally or not.

Internal employees are left open to allegations of unintentional or discriminating bias, which might be very expensive in any legal procedure.

It would be difficult to demonstrate that no discriminatory bias occurred if staff employees were given access to personal information about potential new personnel.

Using third party background screening provider

The only approach to minimize these dangers and the potential financial or reputational harm they can cause is to use a background screening service provided by a third party.

Internal personnel are less likely to receive training in data handling and may be less aware of the strict GDPR rules that must be followed, even though they may have the best of intentions.

Third-party screening service providers like Complygate are frequently certified externally to process sensitive data, are subject to external audits, and are governed by industry standards.

Complygate has no hidden intentions, and we only offer relevant, role-related risks in our reports. It is our role to demonstrate that the candidate possesses the required level of honesty and integrity for the position.