If a company needs to fill a new position, HR managers are keen to fill this position in the best possible way with the help of a personnel selection process. It is not uncommon for them to do their own research in order to obtain more information about the applicant or to verify known information. This so-called "pre-employment screening" (or also called "background check") brings up some questions from data protection law in the personnel selection process.

Learn here what you should consider when gathering information about applicants.

Personnel selection process with the help of the Internet

In the modern (working) world, a lot of information about the applicant can be found quite easily on the Internet. In social networks from the area of leisure (for example, Facebook or Instagram) or the professional environment (for example, LinkedIn or Xing), the information from the application can be checked and supplemented. In addition, there are also databases that provide information about criminal offenses, for example.

This information, which allows the identification of a person, is personal data in the sense of the GDPR. This means that the data protection regulations must be observed when dealing with them.

Legal Basis for "Pre-Employment Screening"

According to the GDPR, the processing of this personal data must be based on a legal basis. First of all, the consent of the applicant concerned (Art. 6 I 1 lit. a DSGVO) comes into question. There could also be a necessity for the intended employment contract (Art. 6 I 1 lit. b DSGVO).


Consent under data protection law must initially be voluntary. Difficulties arise here due to the imbalance between the potential employer and the applicant. If the applicant agrees to a background check when asked, he or she usually does so out of fear of rejection.

Even if consent is obtained from the applicant, this does not therefore satisfy the requirements of data protection law.


For the potential employer, the pre-employment screening could be necessary for the subsequent establishment of an employment contract (Art. 6 I 1 lit. b DSGVO). For this purpose, the interests and the degree of necessity must be weighed in each individual case. However, this will usually be to the disadvantage of the employer.

Dealing with "pre-employment screening" in practice

If the recruiter wants to find the most suitable candidate without violating data protection law, there are some practical tips he should follow.

The same applies in the applicant selection process: If you don't ask, you stay stupid! So if the submitted documents are incomplete or raise questions, the first thing you should do is contact the applicant personally.

Use interviews, recruitment tests or similar formats to get a better picture of applicants. The insights gained here are usually more valuable than any application documents submitted in writing.

If it is unclear which data about the applicant may be researched by hand, it is best to use the right to ask questions under the General Equal Treatment Act (AGG), the provisions of which every HR manager is familiar with from job interviews. If information is involved that may not be asked for in the job interview even under the AGG, you should not research this yourself.

All processes should always comply with the regulations of the GDPR in an up-to-date and transparent manner.

In addition, the private and professional levels should be strictly separated. If research is to be conducted on your own, use professionally oriented sources (e.g. LinkedIn or Xing) as a guide.


Caution must be exercised in "pre-employment screening." Not everything the recruiter can find about the applicant is what he or she should be looking for. It is recommended to rely largely on traditional selection procedures such as interviews and recruitment tests.

If you have any questions regarding the data protection-compliant implementation of applicant selection procedures, please feel free to contact our team of experts!

DSB buchen