As the managing director of an American high-tech company, I’ve been struggling for some time to find the right person for a sales management vacancy in the EMEA region. Recently, I thought I’d found the ideal candidate. He had twenty years of sales experience in our specialist industry and a large international network. He scored well in all respects: technical interest, social qualities and the ambition to build something beautiful at our company. After extensive interview sessions – in which he spoke to all key people within our organization – we offered him a contract. We quickly agreed on the terms. The only adjustment he demanded was that he got a permanent appointment instead of a one-year contract.
It’s our standard procedure to check references. We also did that in this case. Not that I have any doubts about his abilities, but more backgrounds about his personality from professional practice can help me get him up to speed better and faster. Strangely enough, he saw little point in a reference check. He pointed to his recommendations on Linkedin, stating that this should be enough. His colleagues from more than ten years ago might not remember enough of him and his current coworkers aren’t allowed to provide references due to company policy. I’m not comfortable with this, but I don’t want to lose him as a future sales director. What can I do to get more background information about him?
The headhunter answers:
To be frank, since the introduction of the GDPR, checking references without the candidate’s consent has become a legal minefield. Requesting and providing backgrounds is a form of screening. References say something about an applicant and directly or indirectly identify him or her. This means that they can be regarded as personal data and thus the GDPR applies.
The main rule is that you can only request references if the GDPR requirements are met. In short, the screening needs to have a legitimate purpose and has to be necessary for that purpose and the applicant must be informed. Furthermore, there must be a processing basis (as stipulated in GDPR Article 6).
Conclusion: the applicant (former employee) needs to give permission to approach the sponsor (former employer) for references. Approaching the former employer without this consent may violate the GDPR. The same applies to the former employer providing references without permission. The question remains how this ‘consent requirement’ relates to the position of the Dutch Data Protection Authority, according to which permission in principle cannot be used as a valid processing basis in the relationship between a potential employer and an applicant.
It goes without saying that this legislation facilitates fantasists, cheaters and hard-core liars. Talking about future or former employees without permission can potentially lead to very unpleasant legal consequences (ie high fines).
In practice, however, information is obtained from candidates daily without permission having ever been given (backdoor reference checks). As soon as a résumé pops up in the inbox, the sender’s Linkedin profile is viewed for common contacts, skills & endorsements and recommendations. To avoid legal issues, many US companies have very strict reference policies. Some won’t invite you for interviews if you haven’t provided a list of references.
To get more backgrounds about your candidate’s personality, you can also consider having him psychologically examined. This usually produces very reliable and useful information.