What is GDPR?
For companies—including A-Check—who conduct international research using personal data, it’s critical to both understand and comply with regional legislative regulations. Even though we reside in the United States, we do business in compliance with evolving international data regulations.
GDPR, the European Union’s General Data Protection Regulation, takes effect May 25, 2018, and is designed to strengthen data protection in the European Union (EU) by regulating the collection, use, and processing of personal information for citizens of the EU. This new law expands its impact and scope to now include:
- EU companies that process personal data
- Non-EU companies offering services to EU individuals
- Non-EU companies researching EU individuals in the EU (A-Check Global background screening, for example)
Personal Data includes any information relating to an identified person. For A-Check, this includes information like name, address, date of birth, and other data regularly collected during the background screening process.
A-Check Global’s focus on meeting upcoming GDPR requirements
The GDPR sets a number of rules into place for – Data Controllers: entities that collect data directly from an individual – Data Processors: entities that processes data on behalf of a Data Controller
As both a controller and processor, here’s how we will meet requirements of the regulation:
- Responsibility and Accountability – We will inform data subjects (EU Individuals) exactly who is responsible for their data, and provide adequate levels of data protection for all information we maintain.
- Lawful Basis for Processing – A-Check will obtain consent to process from the data subject, provide an explicit purpose for collecting their information (background screening), and allow them to withdraw consent at any time.
- Data Protection Officer – A-Check has internal resources assigned to GDPR efforts and ongoing compliance.
- Anonymization – A-Check encrypts personal data to ensure information cannot be tied back to the data subject without authorization.
- Data Breach Notification – While a number of security measures are in place, and we do not anticipate an information breach, A-Check has policies and procedures to notify GDPR Supervisory Authority within 72 hours of a known data breach. Procedures are also in place to notify affected data subject(s).
- Right of Access – A-Check allows applicants to request a copy of their report, and to be provided detailed information regarding the reasons we are collecting each piece of data we request.
- Right to Erasure – Data subjects will have the right to request that any personal data stored by a controller be deleted.
Will A-Check Global be GDPR certified?
GDPR is not a certification program, so A-Check Global will not maintain any sort of GDPR Certification. GDPR is a law, and similar to how we are FCRA compliant in the United States, we maintain compliance with the GDPR.
We do hold a Privacy Shield certification, which demonstrates to EU entities that our data security processes and commitment to data transfer protection meet EU standards. We invite you to visit us online to learn more about Privacy Shield.
If you have questions about the information contained in this document please feel free to reach out to our compliance team: firstname.lastname@example.org.