In Conversation with Shakil Gour: How to handle compliance while performing background checks globally?

Which region/service in your experience has the most complex Employee Screening compliance laws?

Based on my experience in the global verification practice, the EU has the most complex landscape with its stringent data security and privacy laws. The most recent and complex regulation is the GDPR compliance established in the EU data security landscape, making background checks more rigid.

When it comes to service delivery, the criminal records check is undoubtedly the most complex to verify, as information on an individual’s criminal records is considered most sensitive. Criminal checks involve high degrees of complexity and sensitivity as they deal directly with a candidate’s criminal background. Dealing with such sensitive information requires adequate research and understanding, as every country has its own data security laws that need to be adhered to.

Could you provide examples of recent updates in Employee Screening compliance in the APAC region?

Many countries in the APAC region are in the process of amending their respective data protection laws. The Cyber Security Law in China is one such recent change that will have a huge impact on the Employee Screening process.

The NPC (National Privacy Commission), the regulator of the Data Privacy Act in the Philippines, is updating the terms of its current data protection laws. This change has imposed a mandate on all organizations processing personal data to register a DPO (Data Protection Officer) by the 9th of Sept 2017. The personal information controller is required to register all personal data processing systems by the 8th of Mar 2018.

India, until the recent Supreme Court verdict, did not have legislation on privacy or data protection laws. Now with privacy becoming a fundamental right in India, we expect the data protection model will undergo a radical transformation.

The data protection laws in Singapore are also witnessing a change that would impact the compliance programs. Currently, the compliance programs are under public consultation which is expected to witness an impact soon.

What are the key requirements while defining a global compliance strategy for an organization with a global presence?

The key requirement to consider while defining a global compliance strategy is to identify the most appropriate and registered source that keeps you abreast on dynamic compliance norms. Such sources of inputs ensure there is complete adherence to the statutory laws laid by each country.

The other critical factor to consider would be on how organizations interpret compliance updates and adhere to compliance norms with 100% accuracy.

Additionally, a well-defined global compliance strategy includes implementing a cost-effective solution for background checks. And as an employee screening provider, it is important to keep the client updated about the constant changes in compliance.

What is the biggest element that leads to a breach in compliance during Employment Screening & how can organizations overcome it?

It is mandatory for organizations to understand, implement and comply with the various privacy laws and to stay abreast of the ongoing changes. Such constant updates on the statutory and legal laws can be received through a Triangulated framework that would involve 1. Research, 2. Validation, 3. Verification.

Research entails analysis & listing of all the compliance & data protection laws specific to every country. The listed laws and compliance information are then validated by an Employee Screening partner before communicating them to the organization. Once validated, the law is verified by global audit firms, thereby completing the framework. This framework helps organizations receive the most updated laws & compliance norms for implementation.

According to you, what kind of compliance aspects does a customer consider while assessing a vendor for selection?

  • The foremost requirement that customers consider while assessing a compliance vendor is the implementation of Information Security Controls by the screening provider. With relevant Information Security controls implemented, a majority of data privacy-related risks are eliminated.
  • There is an increased emphasis on periodic audits by external parties on the privacy controls of the provider.
  • Customers also look for a dedicated data protection officer/legal department that is responsible for implementing relevant controls.

From a compliance perspective, what are the risks of working on a cloud vs. an on-premise system for Employee Screening?

Working on the cloud requires an in-depth understanding of the compliance norms of the region where data is hosted. Hosting data on the cloud reduces risks related to data backup and increased operational costs.

On the contrary, on-premise models do not have a bearing on compliance norms of various regions as they are hosted locally. However, on-premise models include risks of a single point of failure. Availability of data & operational costs are also a concern.

At the outset, risks involved in on-premise outweigh those incurred by using cloud-hosted models. Thus, choosing a cloud solution provider complying with compliance norms, data security & backup measures is always the best fit for any organization.

What are the key metrics that an organization should track to measure the effectiveness of the global compliance strategy implemented?

  • Tracking the number of compliance that an organization needs to adhere to
  • Creating a checklist and performing monthly audits to check compliance adherence levels
  • Maintaining consistent and high compliance scores and identifying their relative significance to performance month on month
  • Seeking external professional advice to check adherence to compliance and assess the effectiveness of audits

What would be your advice to organizations who perform screening for their global hires?

Any organization should define a global screening policy with the help of external and certified professional agencies. The policy should also include a global package matrix that details roles of new hires and a listing of background checks that are required to be performed. In addition to defining a well-structured policy, the organization should have a thorough understanding of the different checks that can be legally performed in the country where employees are being hired. Standardizing the employee screening process across the globe provides better & faster results.