IN Conversation with Shakil Gour: How to handle compliance while performing Background checks globally?
Which region/ service in your experience has the most complex Employee Screening compliance laws?
Based on my experience in the global verification practice, the EU has the most complex landscape with its stringent data security and privacy laws. The most recent and complex regulation is the GDPR compliance established in the EU data security landscape making background checks more rigid.
When it comes to service delivery, the criminal records check is undoubtedly the most complex to verify as information on an individual’s criminal records is considered the most sensitive. Criminal checks involve high degrees of complexity and sensitivity as it deals directly with a candidate’s criminal background. Dealing with such sensitive information requires adequate research and understanding as every country has its data security laws that need to be adhered to.
Could you provide examples of recent updates in Employee Screening compliance in the APAC region?
Many countries in the APAC region are in the process of amending their respective data protection laws. The Cyber Security Law in China is one such recent change that will have a huge impact on the Employee Screening process.
NPC (National Privacy Commission) – the regulator of the data privacy act in the Philippines is updating the terms of its current data protection laws. This change has imposed a mandate on all organizations processing personal data to register a DPO (Data Protection Officer) by the 9th of Sept 2017. The personal information controller is required to register all personal data processing systems by the 8th of Mar 2018.
India, until the recent supreme court verdict, did not have legislation on privacy or data protection laws. Now with privacy becoming a fundamental right in India, we expect the data protection model will undergo a radical transformation.
The data protection laws in Singapore are also witnessing a change that would impact compliance programs. Currently, the compliance programs are under public consultation which is expected to witness an impact soon.
What are the key requirements while defining a global compliance strategy for an organization with a global presence?
The key requirement to consider while defining a global compliance strategy is to identify the most appropriate and registered source that keeps you abreast of dynamic compliance norms. Such sources of input ensure there is complete adherence to the statutory laws laid by each country.
The other critical factor to consider would be how organizations interpret compliance updates and adhere to compliance norms with 100% accuracy.
Additionally, a well-defined global compliance strategy includes implementing a cost-effective solution for background checks. And as an employee screening provider, it is important to keep the client updated about the constant changes in compliance.
What is the biggest element that leads to a breach in compliance during Employment Screening & how can organizations overcome it?
Organizations must understand, implement and comply with the various privacy laws and stay abreast of the ongoing changes. Such constant updates on the statutory and legal laws can be received through a Triangulated framework that would involve 1. Research 2. Validation 3. Verification
The research entails analysis & listing of all the compliance & data protection laws specific to every country. The listed laws and compliance information is then validated by an Employee Screening partner before communicating it to the organization. Once validated, the law is verified by global audit firms thereby completing the framework. This framework helps organizations receive the most updated laws & compliance norms for implementation.
According to you, what kind of compliance aspects does a customer consider while assessing a vendor for selection?
· The foremost requirement that customers consider while assessing a compliance vendor is the implementation of Information Security Controls by the screening provider. With relevant Information Security controls implemented, a majority of data privacy-related risks are eliminated
· There is an increased emphasis on periodic audits by external parties on the privacy controls of the provider
· Customers also look for a dedicated data protection officer/ legal department that is responsible for implementing relevant controls
From a compliance perspective, what are the risks of working on a cloud vs. on-premise system for Employee Screening?
Working on the cloud requires an in-depth understanding of the compliance norms of the region where data is hosted. Hosting data on the cloud reduces risks related to data backup and increases operational costs.
On the contrary, on-premise models do not have a bearing on compliance norms of various regions as they are hosted locally. However, on-premise models include risks of a single-point failure. Availability of data & operational costs is also a concern.
At the outsight, risks involved in on-premise outweigh those incurred by using cloud-hosted models. Thus, choosing a cloud solution provider complying with compliance norms, data security & backup measures is always the best fit for any organization.
What are the key metrics that an organization should track to measure the effectiveness of the global compliance strategy implemented?
· Tracking the number of compliance that an organization needs to adhere to
· Creating a checklist and performing monthly audits to check compliance adherence levels
· Maintaining consistent and high compliance scores and identifying their relative significance to performance month on month
· Seeking external professional advice to check adherence to compliance and assess the effectiveness of audits
What would be your advice to organizations that perform screening for their global hires?
Any organization should define a global screening policy with the help of an external and certified professional agency. The policy should also include a global package matrix that details the roles of new hires and a listing of background checks that are required to be performed. In addition to defining a well-structured policy, the organization should have a thorough understanding of the different checks that can be legally performed in the country where employees are being hired. Standardizing the employee screening process across the globe provides better & faster results.
If you are you on the lookout for a business partner to help overcome the international screening hurdles? Write to us at amy.james@screenxchange.com