You’ve found the perfect candidate for your remote engineering role — they’re based in São Paulo, have an impressive portfolio, and aced every technical interview. But before you send the offer letter, you need to verify their employment history, education, and criminal record. Simple, right? Not when you’re hiring across borders.
International background checks are one of the most complex and misunderstood aspects of global hiring. What’s routine in the United States — running a criminal background check, verifying employment history, and checking references — can be illegal, heavily restricted, or require explicit consent in other countries. A background check that’s perfectly compliant in New York could violate privacy laws in Berlin, trigger labor code violations in Mumbai, or breach data protection regulations in São Paulo.
In 2026, the stakes are higher than ever. GDPR enforcement has intensified, with fines for improper data processing in hiring reaching millions of euros. Countries across Asia-Pacific and Latin America have strengthened privacy legislation. And candidates are increasingly aware of their rights, with a 35% increase in data subject access requests related to recruitment.
This guide covers what you can and cannot check in major hiring markets, how to conduct compliant international background checks, and how platforms like EasyHire AI can help you manage the complexity.
Why International Background Checks Are So Complex
The Regulatory Patchwork
Unlike domestic background checks, international checks must navigate:
- Data privacy laws: GDPR (EU), LGPD (Brazil), PIPA (South Korea), PDPA (Singapore), and dozens more
- Labor laws: Many countries restrict what information employers can request
- Anti-discrimination laws: Some checks that are legal in one country may be considered discriminatory in another
- Criminal record regulations: Rules vary dramatically — from public records in the US to heavily restricted in France
- Credit check limitations: Many countries prohibit or restrict credit checks for employment purposes
- Social media screening: Increasingly regulated, with some jurisdictions requiring explicit consent
Common Compliance Mistakes
Global companies frequently make these errors:
- Assuming US standards apply globally: Criminal background checks, credit checks, and drug testing are common in the US but restricted or illegal in many countries
- Using US-based screening providers without local expertise: US providers may not understand local regulations
- Failing to obtain proper consent: Many countries require specific, informed consent before any check
- Over-collecting data: GDPR and similar laws require data minimization — only collect what’s necessary
- Retaining data too long: Background check data should be deleted after the hiring decision
- Not providing adverse action notices: Some jurisdictions require you to inform candidates before rejecting based on check results
Region-by-Region Guide: What’s Legal Where
North America
United States
The US has the most permissive background check environment among developed nations:
Permitted checks:
- Criminal records (federal, state, county)
- Employment verification
- Education verification
- Professional license verification
- Credit checks (with restrictions in some states)
- Drug testing (with state-specific restrictions)
- Social media screening (generally permitted)
- Driving records (for relevant positions)
Key regulations:
- Fair Credit Reporting Act (FCRA): Requires written consent, disclosure, and adverse action procedures
- Ban-the-box laws: 37 states and 150+ cities restrict when criminal history can be asked
- State-specific restrictions: California, New York, and Illinois have additional protections
Timeline: 1-5 business days for standard checks
Canada
Permitted checks:
- Criminal records (with consent via police check)
- Employment verification
- Education verification
- Credit checks (with consent, limited to financial positions)
- Professional references
Restrictions:
- Criminal record checks require a Vulnerable Sector Check for certain roles
- Credit checks are restricted to positions of financial trust
- Provincial privacy laws (PIPEDA at federal level) govern data handling
- Cannabis use cannot be tested in most circumstances
Timeline: 3-10 business days
Europe
European Union (GDPR Countries)
The EU presents the most complex regulatory environment for background checks:
General GDPR principles affecting background checks:
- Must have a lawful basis (usually legitimate interest or legal obligation)
- Data minimization: only collect information directly relevant to the role
- Purpose limitation: data collected for background checks cannot be used for other purposes
- Storage limitation: delete data when no longer needed
- Right to access: candidates can request copies of all data
- Right to erasure: candidates can request deletion
Country-specific rules:
Germany:
- Criminal records: Only allowed for specific roles (finance, childcare, security). Police certificates (Führungszeugnis) requested by the employer are restricted.
- Credit checks (Schufa): Heavily restricted; only for positions involving financial responsibility
- Social media: Cannot review private social media profiles
- Employment verification: Permitted with consent
- Education verification: Permitted with consent
France:
- Criminal records: Only allowed when required by law for specific professions
- Credit checks: Prohibited for employment purposes
- Social media: Cannot use social media information in hiring decisions
- Medical examinations: Only by company doctor, limited to fitness for role
- Employment verification: Permitted with consent
United Kingdom (post-Brexit):
- Criminal records: DBS checks permitted for regulated positions
- Credit checks: Permitted with consent for financial roles
- Employment verification: Standard practice
- Education verification: Standard practice
- Social media: Permitted but recommended to assess relevance
Netherlands:
- Criminal records: VOG (Certificate of Good Conduct) required for certain roles
- Background checks must be proportionate to the role
- Employers must provide candidates with information about checks before they begin
Asia-Pacific
India
Permitted checks:
- Employment verification: Standard practice and widely accepted
- Education verification: Standard practice
- Criminal records: Court records are public; police verification available
- Address verification: Common practice
- Credit checks: Permitted with consent for financial roles
- Drug testing: Permitted for safety-sensitive positions
Restrictions:
- No comprehensive data privacy law (Digital Personal Data Protection Act 2023 is being implemented)
- Consent is important but enforcement is still developing
- Social media screening: Generally permitted but use with caution
Timeline: 5-15 business days (can be longer due to manual verification processes)
Japan
Permitted checks:
- Employment verification: Permitted with consent
- Education verification: Permitted with consent
- Criminal records: Very restricted; no public criminal record system
- Credit checks: Not standard practice
Restrictions:
- Act on the Protection of Personal Information (APPI): Strict data handling requirements
- Criminal background checks are not readily available and are considered invasive
- Medical examinations: Permitted only for job-related fitness
- Social media: Not recommended due to privacy concerns
- Asking about marital status, religion, or political affiliation is prohibited
Timeline: 5-10 business days
Singapore
Permitted checks:
- Criminal records: Standard practice via Singapore Police Force
- Employment verification: Standard practice
- Education verification: Standard practice
- Credit checks: Permitted for financial roles via Credit Bureau Singapore
- Professional references: Standard practice
Key regulation:
- Personal Data Protection Act (PDPA): Requires consent for data collection and limits use
- Employers should only collect data relevant to the employment decision
Timeline: 3-7 business days
Latin America
Brazil
Permitted checks:
- Employment verification: Permitted (e- Social system provides official records)
- Education verification: Permitted
- Criminal records: Available through court systems
- Credit checks: Restricted to financial positions with consent
Restrictions:
- LGPD (Lei Geral de Proteção de Dados): Brazil’s comprehensive data privacy law (modeled after GDPR)
- Must have lawful basis for processing personal data
- Criminal record checks cannot be used as a blanket disqualification
- Social media: Restricted under LGPD
- Data minimization is strictly enforced
Timeline: 5-15 business days
Mexico
Permitted checks:
- Employment verification: Permitted
- Education verification: Permitted
- Criminal records: Available but process varies by state
- Credit checks: Permitted with consent for relevant positions
Restrictions:
- Federal Law on Protection of Personal Data governs background screening
- Consent required for all checks
- Criminal records should not be the sole basis for rejection
Timeline: 5-10 business days
Middle East & Africa
United Arab Emirates
Permitted checks:
- Criminal records: Available through Dubai Police or Abu Dhabi Police
- Employment verification: Standard practice (especially via WPS records)
- Education verification: Standard practice (attestation may be required)
- Credit checks: Available through AECB for UAE residents
Restrictions:
- UAE Data Protection Law requires consent
- Social media screening: Permitted but use with cultural sensitivity
- Some checks require UAE residency
Timeline: 3-10 business days
South Africa
Permitted checks:
- Criminal records: Via SAPS clearance
- Employment verification: Standard practice
- Education verification: Standard practice
- Credit checks: Permitted with consent via credit bureaus
Restrictions:
- POPIA (Protection of Personal Information Act): Requires consent and data minimization
- Criminal record checks should be relevant to the position
- Cannot discriminate based on arbitrary grounds
Timeline: 5-15 business days
Best Practices for Compliant International Background Checks
1. Establish a Global Background Check Policy
Create a standardized policy that:
- Defines which checks are required for each role type
- Maps checks to country-specific legal requirements
- Establishes consent procedures for each jurisdiction
- Sets data retention and deletion schedules
- Defines adverse action procedures
2. Obtain Proper Consent
Best practices for consent:
- Use clear, plain language (not legal jargon)
- Specify exactly which checks will be conducted
- Explain how data will be used, stored, and shared
- Provide consent in the candidate’s local language
- Make consent separate from the employment application
- Allow candidates to ask questions before consenting
3. Use Local Experts
Why local expertise matters:
- Local providers understand jurisdiction-specific requirements
- They have established channels for obtaining records
- They can navigate language barriers and bureaucratic processes
- They stay current with changing regulations
- They can advise on what’s culturally appropriate
4. Minimize Data Collection
Under GDPR and similar laws:
- Only collect data directly relevant to the hiring decision
- Don’t run checks that aren’t necessary for the role
- Avoid over-broad criminal record checks
- Don’t collect data you don’t plan to use
5. Implement Proper Data Handling
Data handling requirements:
- Encrypt all background check data in transit and at rest
- Limit access to authorized personnel only
- Delete data after the hiring decision (typically 6-12 months)
- Maintain audit trails of who accessed the data
- Report breaches within required timeframes (72 hours under GDPR)
6. Conduct Adverse Action Properly
When a background check reveals concerning information:
- Review the findings for accuracy and relevance
- Inform the candidate of the findings (required in many jurisdictions)
- Give the candidate an opportunity to explain or dispute
- Document your decision-making process
- Make the final decision based on job relevance
How EasyHire AI Streamlines International Background Checks
Managing background checks across multiple countries is a logistical nightmare without the right tools. EasyHire AI’s platform helps global hiring teams:
- Country-specific check workflows: Automatically recommend the appropriate checks based on the candidate’s country and your role requirements
- Consent management: Generate compliant consent forms in the candidate’s local language
- Vendor integration: Connect with leading global background check providers (Checkr, Sterling, HireRight, and regional specialists)
- Compliance tracking: Monitor check status across all candidates and flag potential compliance issues
- Data retention automation: Automatically schedule data deletion in compliance with local regulations
- Adverse action workflows: Guided processes for handling adverse findings in compliance with local requirements
See EasyHire AI in action → | Install Chrome Extension →
Choosing a Global Background Check Provider
Top Providers by Region
| Provider | Coverage | Strengths |
|---|---|---|
| Checkr | US, expanding globally | Fast turnaround, AI-powered |
| Sterling | Global (195+ countries) | Comprehensive coverage |
| HireRight | Global (200+ countries) | Enterprise-grade compliance |
| First Advantage | Global (200+ countries) | Strong APAC coverage |
| Certn | Canada, US, UK, expanding | Modern platform, good UX |
| GoodHire | US focus | SMB-friendly |
| Veremark | APAC focus | Strong in India, Singapore |
What to Look for in a Provider
- Local expertise: Do they have in-country knowledge and resources?
- Compliance capabilities: Can they handle GDPR, LGPD, and other data privacy requirements?
- Turnaround time: How fast can they deliver results for each check type?
- Integration: Does it integrate with your ATS and HR systems?
- Candidate experience: Is the process smooth and transparent for candidates?
- Pricing model: Per-check, subscription, or volume-based?
Frequently Asked Questions
Can I run a US-style criminal background check on a candidate in Germany?
No. Germany heavily restricts criminal record checks. Employers cannot directly request a police certificate (Führungszeugnis) from candidates for most positions. Criminal record checks are only permitted for specific regulated roles (e.g., positions involving work with children, financial services, or security). Even for permitted roles, the process is different from the US — candidates must request the certificate themselves from the Federal Office of Justice.
Do I need consent to conduct background checks internationally?
Yes, in virtually every jurisdiction. The level of consent required varies: in the US, written consent under FCRA is required; in the EU, GDPR requires explicit informed consent or another lawful basis; in many Asian countries, specific consent for each type of check is required. Always obtain consent before initiating any background check, and be specific about what you’re checking.
How long should I retain background check data?
Under GDPR and similar laws, you should retain background check data only as long as necessary for the hiring decision — typically 6-12 months after the position is filled. After that, the data should be securely deleted. In the US, FCRA requires proper disposal of consumer reports. Always check local requirements, as some jurisdictions have specific retention mandates.
Can I check a candidate’s social media profiles internationally?
This depends on the jurisdiction. In the US, social media screening is generally permitted (with some state restrictions). In the EU, reviewing private social media profiles may violate GDPR and national privacy laws. In Germany and France, courts have ruled against using social media information in hiring decisions. Best practice: only review publicly available professional profiles (like LinkedIn), and document your legitimate business reason for doing so.
How does EasyHire AI help with international background check compliance?
EasyHire AI’s platform includes built-in compliance workflows for international background checks. The system automatically recommends appropriate checks based on the candidate’s location and role, generates compliant consent forms in local languages, integrates with leading background check providers, tracks check status, and manages data retention schedules. Book a demo to see how it works for your global hiring needs.
Conduct Compliant Background Checks Worldwide
International background checks don’t have to be a compliance minefield. With the right knowledge, proper consent procedures, and tools designed for global hiring, you can verify your candidates’ backgrounds while respecting local laws and candidate rights.
The key is to never assume that what works in your home market works everywhere else. Each country has its own rules, and compliance requires local expertise and careful process design.
EasyHire AI helps global hiring teams navigate international background checks with confidence — from consent management to compliance tracking to data retention.
Ready to streamline your global background check process? Book a demo → | Get the Chrome Extension →
Continue reading: EOR vs. Entity Setup。 | GDPR Hiring Guide。 | India Hiring Guide。
