Login
Get Started

Avoid Hiring Regret: How To Run POPIA Compliant Background Checks

Background checks have become an essential step in the hiring process, but in South Africa, they come with strict legal responsibilities. The Protection of Personal Information Act (POPIA) sets clear legal responsibilities and rules for employers about collecting, processing, and storing personal data (including background screening). 

If your business is conducting background screening, you need to make sure that candidate data is handled with care and that every step is POPIA compliant. Here’s what that means and how to get it right.

Job applicant signing a consent form for a POPIA-compliant background screening.

Why background checks must be POPIA compliant

POPIA is designed to protect personal information and give individuals control over how their data is collected, used, and stored. Here’s what employers need to do to meet POPIA’s data protection standards:

  • Get clear, written consent before running any background checks.
  • Only collect information that’s directly relevant to the job you’re hiring for.
  • Use the data strictly for employment purposes – nothing else.
  • Handle all data securely and make sure it’s stored and deleted responsibly.

Even if a check is considered necessary for the job, consent is still required for any special category data, like credit or criminal history. Failure to run POPIA-compliant checks can lead to serious penalties of up to R10 million in fines or even prison time.

A recruiter closely reviewing employee documents for POPIA-compliant hiring checks.

What counts as a background check?

Background checks can include a range of personal data. POPIA sets different rules depending on the type of check and the sensitivity of the information. Typical background checks for employment include:

  • Criminal record checks: Require consent and must use a SAPS-approved fingerprint process.
  • Credit history checks: Restricted to roles involving financial responsibility. Consent is mandatory, and data must be deleted after 72 hours.
  • Qualification and employment verification: Often justified under contractual necessity, but consent should still be obtained.
  • Social media screening: Must be disclosed upfront. Consent is essential due to the potential use of personal or indirect data.

Civil, deeds, or directorship checks: Can be intrusive, so they must be relevant to the role and communicated clearly in advance.

Recruiter explaining background check procedures to candidates in an interview setting to ensure POPIA compliance.

Step-by-step: How to stay POPIA-compliant

The following steps are essential for every employer to stay on the right side of the law and ensure they are conducting POPIA-compliant background checks:

1. Get consent first

Get the candidate’s explicit, written consent before starting any check. Be transparent about:

  • What data will be collected
  • Why it’s being collected
  • Who it will be shared with

Using digital consent tools like Dots360 makes this process fast and traceable.

2. Only collect what’s relevant

POPIA requires that collected personal data must be adequate, relevant, and not excessive. Don’t screen for information unrelated to the job.

3. Use registered, POPIA-compliant providers

Only partner with screening services that are POPIA compliant, registered with the National Credit Regulator (NCR), and follow proper data handling protocols – such as Dots Africa.

4. Secure and limit data storage

Always follow POPIA’s rules on retention and deletion. For example, if you run a credit check, the results can only be kept for 72 hours. 

5. Update Your Privacy Policy

Include background screening in your company’s privacy policy. Mention what data is collected, who it’s shared with, and on what legal basis.

Common screening mistakes to avoid

Even well-intentioned businesses can accidentally breach POPIA, putting your business at risk. Here’s what not to do:

  • Never conduct a background check without obtaining clear consent 
  • Never use unregistered or non-compliant third-party providers
  • Never collect irrelevant or excessive personal information
  • Never store sensitive data longer than legally allowed
  • Never forget to document your screening process
Candidate handing over a signed consent form during a job interview.

Ready to screen the right way?

Being POPIA compliant isn’t just a legal box to tick; it’s a way for businesses to build trust with candidates and ensure their hiring process is responsible and effective.

Need help staying compliant while screening smarter? Explore Dots Africa’s background check solutions, including digital consent collection and legally compliant screening services tailored for South African employers.Follow us on Facebook, LinkedIn, or X for more tips on compliant hiring.

Recent Posts

STAY UP TO DATE WITH DOTS

SUBSCRIBE TO OUR NEWSLETTER

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Risk. Let’s manage that.

We contribute to human progress by empowering people to utilize their personal data in a way that adds value to their lives whilst enabling organizations and companies to have a revocable lease on this data in order to provide individuals with the service or product that they requested.

 
Quick Links
Follow us
Resources
Follow us
Facebook Linkedin Twitter Instagram

Copyright © 2024 Dots Africa. All rights reserved.

Made with love in South Africa