Role
Background checks should be tailored to the specific role to ensure the appropriate level of scrutiny. For more junior or operational roles, basic checks such as identity verification and employment history verification are often sufficient. For more senior or strategic roles, more comprehensive background checks may be required.
Industry
Different industries have different requirements and regulations, which influence which background checks are appropriate. In sectors such as healthcare, education and care services, criminal record checks may be a legal requirement (depending on the role), while the financial sector often requires credit checks. In technical or specialist roles, the focus is more often on verifying education, certifications and professional competence.
Responsibility
The general rule is that the greater the responsibility associated with a role, the more extensive the background checks should be — but the type of responsibility also determines which checks are relevant.
- Financial responsibility
Responsibilities such as managing budgets, payments or accounting often justify credit checks. Roles with access to sensitive information, such as personal data, trade secrets or classified information, may require more in-depth screening.
- Management or people responsibility
Roles involving leadership or responsibility for staff typically carry a higher level of trust and organisational influence, which may justify broader background checks. Positions where the individual represents the organisation externally or impacts the brand may also require checks such as social media or online screening.
- Level of autonomy and decision-making authority
The more independent the role and the greater its impact on the organisation, the more important it is to ensure a thorough and well-balanced background check.
Access
The level of access a role provides — for example to systems, data or financial resources — is a key factor in determining how background checks should be designed. Access to sensitive information, customer data or business-critical systems requires a higher level of scrutiny, regardless of the job title.
It is therefore important to maintain clear control over permissions and access rights, and to regularly review who has access to what. Background checks form part of this process by ensuring that the right individuals are granted the appropriate level of access from the outset. Even roles with limited formal responsibility can pose increased risk if they involve high levels of access, which means checks need to be adapted accordingly.
Risk
The risk perspective focuses on understanding the potential impact an individual may have on the organisation — financially, operationally, or in terms of security and reputation. Internal risks, such as poor decision-making, misconduct or mishandling of sensitive information, can have significant consequences if not addressed in time.
By identifying the risks associated with a role, employers can better determine which background checks are justified. This enables a proactive approach that reduces the likelihood of incidents, while ensuring that the level of screening remains proportionate.
Tailoring background checks with different screening profiles
DISA’s clients work with background checks based on different screening profiles. These are often defined within an internal screening policy, where the organisation has assessed which checks should be carried out for different roles, positions or departments.
This provides a structured and efficient way to ensure that background checks are both relevant and proportionate, while also maintaining consistency across the organisation.
Here are examples of some screening profiles used by our clients:
Basic
Background checks: Criminal record check, reference check & identity verification.
Example roles:
- Retail assistant
- Warehouse worker
- Receptionist
- Customer service representative
- Junior administrator
This profile is suitable for roles with limited responsibility and low access to sensitive information, where it is still important to ensure a basic level of trust.
Intermediate
Background checks: Criminal record check, reference check, identity verification & education verification.
Example roles:
- Project manager
- HR specialist
- IT technician / system administrator
- Nurse
- Team leader
For roles with some financial responsibility, a credit check may also be relevant, for example for project managers with budget responsibility or team leaders with cost responsibility.
A key difference with this profile is the verification of education and qualifications, which is particularly important in roles where formal education or certifications are required to perform the job. This profile is therefore suited to roles with increased responsibility and some access to systems, data or personnel information, where both competence and background need to be verified more thoroughly.
Comprehensive
Background checks: Criminal record check, reference check, credit check, directorship/company involvement check, education verification, identity verification, online screening, PEP/sanctions screening.
Example roles:
- CFO / Finance Director
- CEO or executive leadership team
- Compliance officer
- Senior financial analyst
- Procurement manager with significant budget responsibility
This profile involves a full review of background, financial standing and external affiliations, making it particularly relevant for roles with high risk, significant financial responsibility or strategic influence. In these cases, ensuring regulatory compliance and minimising business risk is critical.
In addition, further checks may be required depending on the specific requirements of the role. For certain positions, this may include driving licence checks, while candidates with an international background may require right-to-work verification or international background checks.
GDPR and the principle of proportionality
For background checks to be lawful, the process must comply with GDPR and the principle of proportionality. This means that each check should be carefully assessed based on the specific requirements and risks associated with the role.
Under GDPR, the processing of personal data must be adequate, relevant and limited to what is necessary in relation to its purpose. This means that background checks must be proportionate and based on relevant and lawful sources — not simply on what information is available.
In practice, this means that employers should not carry out more checks, or more extensive checks, than the role, industry and level of responsibility justify. A check that is reasonable in a security-cleared or financial role may be disproportionate in a more operational position with a lower risk level.
By taking into account the role’s responsibilities, industry requirements and the actual risk profile, employers can ensure that background checks are both relevant and lawful. This creates a process that is not only effective, but also respects the candidate’s privacy and complies with GDPR.
Want to learn more about background checks and privacy?
In our white paper Secure background checks in line with GDPR, we outline the key rules for handling personal data in recruitment and share three practical tips on how to conduct compliant background checks.
What happens if you get it wrong?
Poorly tailored background checks can have several consequences — both for the organisation and the candidate. Checks that are too extensive or irrelevant may lead to non-compliance with GDPR and damage candidate trust. On the other hand, checks that are too superficial may result in risks going undetected, which can lead to both financial and operational consequences.
The issue has also received increased attention in Sweden, where several trade unions have raised concerns around privacy, transparency and how candidate data is used in recruitment processes. This places greater demands on employers to clearly justify why a particular check is carried out and how it relates to the role.
By working in a structured and needs-based way — taking into account role, responsibility, risk and access — employers can both reduce business risks and ensure that background checks are perceived as relevant, fair and proportionate.
Background checks before and during employment – a process that evolves with the role over time
Background checks can be divided into two main categories: checks carried out before employment and checks conducted during ongoing employment. Both play an important role in ensuring the right person is in the right position — over time.
- Pre-employment checks are carried out during the recruitment process and aim to verify that the candidate meets the requirements of the role. This may include identity verification, employment history, education or other role-specific checks depending on the level of responsibility and industry.
- In-employment checks take place after a person has been hired. These may be relevant in roles where the risk profile changes over time, for example due to promotion or changes in responsibilities. They may also involve recurring checks in highly regulated industries, where ongoing monitoring is required.
By working with background checks both before and during employment, employers can create a more long-term and adaptable process, where checks evolve in line with the role and the organisation’s needs.
When is an enhanced background check needed?
In some cases, a basic background check is not sufficient — particularly for roles with higher risk or greater impact on the organisation. In such situations, an enhanced background check may be a relevant next step. This involves a more comprehensive review of the candidate, where additional elements are verified and analysed to provide a more complete picture.
In addition to basic checks such as identity verification, an enhanced check may include verification of education and employment history, income verification, as well as online and social media screening.
By using enhanced background checks, employers can further tailor the level of screening to the role’s requirements and risk profile, thereby strengthening both security and the overall quality of the recruitment process.
Tailored and compliant background checks with DISA
Adapting background checks is fundamentally about balancing multiple factors — role, industry, responsibility, access and risk. There is rarely a one-size-fits-all solution.
By taking a structured and needs-based approach, organisations can reduce risks, meet regulatory requirements and create a fairer and more transparent process for candidates. It is only when all these perspectives are considered together that background checks become both effective and sustainable over time.
At DISA, we help organisations define the right level of background checks based on their specific needs and risk profile. Would you like to see what this could look like for your organisation?
No. Even with consent, background checks must comply with GDPR. This means that the information collected must be relevant, proportionate and linked to a clear purpose.
This depends on the role’s risk level and how responsibilities change over time. In some roles, a check at the point of hiring may be sufficient, while others require ongoing monitoring — for example, in cases of promotion or changes in responsibilities.
At the same time, it is important that checks are carried out in a structured way rather than on an ad hoc basis. Driving licence checks are one example where ongoing and systematic monitoring is more appropriate than one-off checks. In roles with elevated security risks, recurring checks such as credit checks or criminal record checks may also be justified to ensure continued suitability over time.
If checks are perceived as relevant and transparent, they can strengthen trust in the employer. However, if they are seen as unclear or disproportionate, they may have the opposite effect.