How can background checks be carried out after a person has been hired?
As mentioned, it is possible to carry out background checks even after a person has been hired. Such a check is often referred to as an internal or ongoing background check.
For a background check on an employee to be lawful, you as an employer must have a legitimate interest in the check and process personal data in accordance with the GDPR. Furthermore, the check must be relevant to the role and you must be clear about the purpose of the check.
In practice, this means you cannot carry out checks without cause. However, background checks may be justified in several situations where the organisation’s security or responsibilities change.
When might background checks on employees be necessary?
There are several situations where employers may need to verify information about a person already working within the organisation.
A common situation is when an employee changes role or is promoted and consequently takes on greater responsibility. For example, if a person moves from an operational role to a position involving financial responsibility, access to sensitive systems or strategic decision-making, it may be appropriate to carry out a new background check.
Background checks may also be relevant when:
- an employee gains access to sensitive information or critical systems
- the organisation is subject to new regulatory or compliance requirements
- the business operates in security-sensitive sectors
- the company carries out regular checks as part of its risk management
In certain sectors, such as banking, finance and security-critical infrastructure, continuous background checks are an established part of internal control and security work.
Avoid 7 common mistakes when screening critical roles in industry and energy
Learn how to avoid common mistakes in background checks for critical roles. Improve compliance, reduce risks and strengthen operational security.
Background checks as part of the organisation’s risk management
Background checks should not always be viewed as a standalone check during recruitment, but rather as part of your organisation’s broader risk management efforts.
An employee’s circumstances can change over time. Financial situations, corporate engagements or other factors may develop in ways that affect their role within the organisation. By implementing clear screening procedures, you can identify risks at an early stage and create a safer working environment.
Many organisations therefore choose to introduce screening policies that specify when background checks may be carried out and how often they can be repeated. In some organisations, for example, checks are carried out every three or five years for roles with greater responsibility
Critical infrastructure is under increasing pressure
Learn how organisations can establish structured control over access to critical infrastructure through background checks, governance and compliance.
What checks can be carried out after employment?
The checks that are relevant always depend on the role and your organisation’s risk level. In many cases, similar checks to those used during recruitment are employed, but tailored to the employee’s responsibilities and duties.
This may involve, for example, verifying details regarding work permit check, driving licence or corporate directorships, as well as, in certain cases, carrying out financial or legal checks where relevant to the role.
The most important thing is that the check is proportionate and relevant. The aim is not to monitor employees, but to ensure that the organisation can continue to place its trust in individuals in roles with significant responsibility.
Transparency is crucial
When background checks are carried out after employment, transparency is particularly important. Employees should know why the check is being carried out, what information is being checked and how the information is handled.
A clear policy on background checks can therefore be an important tool. It creates predictability for both employers and employees and makes it easier to carry out checks in a legally compliant and professional manner.
How DISA can help
Carrying out background checks on employees requires both legal knowledge and a structured process. The checks must be relevant to the role, carried out in accordance with the GDPR, and managed in a way that protects both the organisation and the employee.
DISA helps your organisation carry out background checks both before and during employment via a secure digital platform. You can easily order checks, track the process and receive a clear report that provides a fact-based basis for decision-making.
By combining technology, legal expertise and international screening expertise, we help you create a secure and professional process for background checks – whether they are carried out during the recruitment process or whilst the employee is in post.
How can we help you?
No two organisations are the same. Talk to us and we’ll help you find the right setup based on your needs.
Frequently asked questions about post-employment background checks
Yes, in certain cases employers can carry out background checks even after a person has been hired. However, this requires a clear purpose and a legitimate interest, and the check must be carried out in accordance with the GDPR.
This varies depending on the industry and role. In many organisations, checks are carried out regularly, for example every three or five years for roles with greater responsibility.
Yes. The employer must be transparent about why the check is being carried out and how personal data is handled.