Ireland Employee Background Checks

Country Overview

Importantly, there must be transparency with the data subject which includes ensuring the data subject understands who is receiving, collecting and/or processing the personal data and why. Additionally, the data subject must provide consent for personal data processing that is specific, freely given and informed. Many experts believe that consent as it relates to employment can never truly be "freely given" so employers should consult with a qualified legal expert to determine what steps should be taken if an individual were to refuse consent to a background check. Explicit consent must be given for the processing of sensitive personal data (which includes "the commission or alleged commission of any offence"). Further, personal data should be collected and processed for one specific and legitimate purpose and should not be retained for longer than necessary.

Employers should understand that it is illegal to force an individual to make a data protection access request (otherwise referred to as an "enforced subject access request"). Essentially this means that employers cannot require applicants or employees to request copies of personal data (such as a criminal record certificate) and then provide that information to the employer.

It is also important to note that the data privacy landscape throughout the European Union is shifting due to the passage of the General Data Protection Regulation (GDPR) which goes into effect May 25, 2018. As noted in the introductory notes of the legislation, the fragmented nature of data privacy across member states created significant challenges to businesses in terms of compliance and presented different rights for individuals depending on where they resided. Instead, the GDPR will represent a uniform law that all impacted companies must adhere to. The GDPR presents strengthened protections for data subjects as well including a "right to be forgotten", easier access to their data and stronger enforcement of the rules.

The EU-US Privacy Shield presents one method for lawful data transfers from Ireland (or any other member state) to the United States. The Privacy Shield is the result of an agreement between the European Commission and the US following the invalidation of the US-EU Safe Harbor Framework in October 2015. Info Cubic self-certifies compliance with the EU-US Privacy Shield as set forth by the U.S. Department of Commerce regarding the collection, use and transfer of personal data from the European Union member states to the United States. More information about this program may be found here: https://www.privacyshield.gov/welcome and a list of active and inactive organizations, including Info Cubic's certification, may be found here: https://www.privacyshield.gov/list.

For further information, download our Ireland Country Sheet.

Need more information about Ireland background checks?

How to Conduct Background Checks in Singapore
January 18, 2021

How to Conduct Background Checks in Hong Kong
January 15, 2021

The Rundown on Conducting United Arab Emirates (UAE) Background Checks
January 13, 2021

The Rundown on Conducting Background Checks in South Africa
January 08, 2021

How to Conduct Philippines Background Checks
January 05, 2021

Individual Records Searches

Signup

Ireland Criminal Records Search

Requirements: Name, date of birth, address, release

The criminal record search in Ireland is conducted through the Ireland International News Agency Republic of Ireland. Sources include: Central Criminal Court, the Special Criminal Court, the Court of Appeal, Dublin Circuit Criminal Court, High Court extradition, select High Court proceedings, as well as from Family Courts, Medical Council Fitness to Practice Inquires, Nursing and Midwifery Fitness to Practice Inquires, Employment Appeal Tribunals and Courts Martial courts.

Ireland Civil Records Search - Nationwide

Requirements: Name, date of birth, address, release

The search is performed the through the Irish Register of Court Judgments that contains cases from the High Court, Court of Appeal and Supreme Court.

Ireland Bankruptcy Records Search

Requirements: Name, date of birth, address

This search is conducted at the local level through the court based on the jurisdiction of the address provided. Report may include file date, case number, name of court where case was filed and case status if a bankruptcy case can be located.

Education Degree Verification in Ireland

Requirements: Name, date of birth, school name, degree, major, dates of attendance, city of school, release form, copy of degree

It is common to verify only the highest degree obtained by a candidate. Educational institutions will be contacted to verify dates of attendance, graduation date and degree information.

Employment Verification in Ireland

Requirements: Name, date of birth, employer name and contact information, dates of employment, position held, release form

Employers will be contacted to verify the individual’s title, dates of employment and if the candidate is eligible for rehire. Typically employment verifications do not extend beyond a 7 year time frame in the absent a legal or regulatory requirement to obtain that information.

Reference Check in Ireland

Requirements: Applicant name and date of birth, reference's relationship, contact name and contact information (including phone number and email address)

This search is conducted via telephone (or at times e-mail) with the individual’s personal or professional references using a standard list of questions.

Motor Vehicle Records

The motor vehicle records search will confirm the validity of an individual’s Driver’s License.

Credit Report

Requirements: Name, Date of Birth, Address, Identification Number, Signed Release Form

The individual credit report provides a summary of an individual's credit history. Other information provided in the report may include information on the individual's bad debt and collections, trade account information, bankruptcies and court liens or judgments.

According to the Data Protection Commissioner, employers seeking access to credit information may or may not have data protection concerns. Any requirement for employees/applicants to provide this information for employment screening may run afoul of the Data Protection Act (see section on “enforced subject access request” in the Country Overview).

Professional License Verification

This search verifies the individual’s claimed license. Most often, the Professional License Verification simply provides the current status of the license claimed; however, other details such as license number, date of issuance, expiration and disciplinary action will be provided when available.

Global Monitor Check

Requirements: Name, date of birth, address

The Global Monitor Check (GMC) is database product that searches a variety of databases including (but not limited to):

• Bank of England Sanctions
• Commodity Futures Trading Commission List of Regulatory and Self-Regulatory Authorities
• Defense Trade Controls (DTC) Debarred Parties
• FBI Fugitives 10 Most Wanted, Most Wanted Terrorists and Monthly Most Wanted
• Financial Crimes Enforcement Network Special Alert List
• Foreign Agent Registrations
• International Police Most Wanted
• Office of Foreign Asset Control
• OFAC - Enhanced Sanctioned Countries
• OFAC – Palestinian Legislative Council
• Office of Controller of Currency of Unauthorized Banks
• OSFI - Canada
• Politically Exposed Persons
• State Department Terrorist Exclusions
• Terrorists Inside of European Union
• Terrorists Outside of European Union
• United Nations Named Terrorists
• US Bureau of Industry and Security - Unverified Entity List
• US Bureau of Industry and Security - Denied Entity List
• US Bureau of Industry and Security - Denied Person List
• World Bank Ineligible Firms

ID Check in Ireland

Requirements: Name, DOB, Address, Consent Form, Identification Card Color Copy (Front and Back)

A validation and/or verification of the data subject’s identity documents.

Directorship Check in Ireland

Requirements: Name, date of birth, address, passport copy, company name where directorship was held, company address, In-Country Residence History Form

A search to determine if a candidate had fiduciary or board of directors responsibilities for a company.

Individual Packages

Signup

Employment Screening Package

Requirements: Name, date of birth, city, school name, degree obtained, dates of attendance, city of school, employer name and contact information, dates of employment, position, copy of degree, father's last name, employee ID and release form

The employment screening package provides discounted pricing rather than ordering individual products. The package Includes:

-Criminal Background Check
-Highest Degree Verification
-One Employment Verification

Criminal and Civil Search Package

Requirements: Name (including former name), dob, address, release

The Criminal and Civil Search Package offers discounted pricing of our most popular searches. This bundle includes one criminal records search and one civil records search, based on the jurisdiction of the address provided.

Civil and Bankruptcy Search Package

Requirements: Name (including former name), dob, address, release

The Civil and Bankruptcy Search Package offers discounted pricing of our most popular due diligence searches. This bundle includes one civil records search and one bankruptcy records search, based on the jurisdiction of the address provided.

Criminal Record Information in Ireland

Criminal history and criminal record information is considered private information under Ireland’s Data Protection Act due to its sensitive nature. In general, criminal record information is not available for employment purposes unless the position requires the individual to work with children or vulnerable adults. The Irish National Police, also known as The Garda, conducts these criminal record checks and provides the individual with a Police Certificate (formerly known as “Police Certificates of Character”).

Police Certificates are issued through an individual’s local Garda Station in the jurisdiction that they reside. Garda Headquarters is not involved with this process, and the Garda Headquarters stamp will not appear on the Police Certificate. Derogatory information is usually listed on the back of the form. Valid Police Certificates issued from a Garda Station have a district stamp (usually in the lower left hand corner) identifying the issuing Garda Station. The certificate is signed by the District Superintendent, or their deputy.

Residents of the Republic of Ireland may apply for a Police Certificate through their local Garda Station in the jurisdiction that they reside. Persons residing outside of Ireland can apply for the Police Certificate by writing the Garda Office in the district of their former residence. The subject should furnish their full name, date, place of birth, and place and period of all residences in the Republic of Ireland, including full addresses. The request should be accompanied by a birth certificate. Police Certificates will only be issued directly to the subject from the local Garda Station.

Due to the limitation of Police Certificates only being issued to the subject directly, Info Cubic does not offer Police Certificates in Ireland. Instead, Info Cubic offers a Prohibited Activity Database search in lieu of a traditional criminal search. This proprietary database will pull information from various sources that are publicly available. This database includes records from the Irish Competition Authority Decisions, Irish Court of Criminal Appeal, High Court of Criminal Appeal, High Court of Ireland Decisions, Irish Information Commissioner's Decisions, Irish Data Protection Commission Case Studies, and Supreme Court of Ireland Decisions. While this search will provide insight into an individual’s past, it should not be considered a true, comprehensive criminal history review.

According to the Data Protection Commissioner, employers are entitled to ask individuals if they have previous criminal convictions. However, only those criminal convictions that are related to the job in question should be considered. Companies that hire individuals working with children or vulnerable adults must be vetted by the National Vetting Bureau of the Garda Síochána (formerly the Garda Central Vetting Unit) pursuant to the National Vetting Bureau (Children and Vulnerable Persons) Acts 2012-2016 (effective April 2016). These requirements have also been extended to employees covered by the Private Security Services Act 2004 (nightclub security staff, bouncers, etc.). For all other employees, the Garda vetting services are not available.

Irish Privacy laws & Regulations

Historically, data protection has been controlled by the Data Protection Act of 1988 and the Data Protection (Amendment) Act of 2003. These laws outline eight principles of data protection that must be adhered to when collecting and processing personal data. These eight principles of data protection are:

Obtain and process information fairly.
Keep information only for one or more specified, explicit and lawful purposes.
Use and disclose information only in ways compatible with the purposes for which it was originally given.
Keep information safe and secure.
Keep information accurate, complete and up-to-date.
Ensure information is adequate, relevant and not excessive.
Retain information for no longer than is necessary for the specified purpose or purposes.
Give a copy of an individual's personal data to that individual upon request.

Importantly, there must be transparency with the data subject which includes ensuring the data subject understands who is receiving, collecting and/or processing the personal data and why. Additionally, the data subject must provide consent for personal data processing that is specific, freely given and informed. Many experts believe that consent as it relates to employment can never truly be “freely given” so employers should consult with a qualified legal expert to determine what steps should be taken if an individual were to refuse consent to a background check. Explicit consent must be given for the processing of sensitive personal data (which includes “the commission or alleged commission of any offence”). Further, personal data should be collected and processed for one specific and legitimate purpose and should not be retained for longer than necessary.

Employers should understand that it is illegal to force an individual to make a data protection access request (otherwise referred to as an “enforced subject access request”). Essentially this means that employers cannot require applicants or employees to request copies of personal data (such as a criminal record certificate) and then provide that information to the employer.

It is also important to note that the data privacy landscape throughout the European Union is shifting due to the passage of the General Data Protection Regulation (GDPR) which goes into effect May 25, 2018. As noted in the introductory notes of the legislation, the fragmented nature of data privacy across member states created significant challenges to businesses in terms of compliance and presented different rights for individuals depending on where they resided. Instead, the GDPR will represent a uniform law that all impacted companies must adhere to. The GDPR presents strengthened protections for data subjects as well including a “right to be forgotten”, easier access to their data and stronger enforcement of the rules. The GDPR establishes six privacy principles. Those privacy principles are:

Lawfulness, fairness, and transparency

Lawful: Organizations processing personal information data must meet the requirements described in article 5, clause 1(a) of the GDPR. Written consent of the individual whose information is to be collected must be obtained.
Transparency: Organizations must notify the data subject of what personal information data processing will be done.
Fairness: Organizations must process personal information data according to how they described it to be when notifying the individual of what processing will be done.

Purpose limitations

Organizations must have a “specified, explicit and legitimate [business] purpose” for collecting personal information data. The collected data can only be used for the specific primary purpose that the data subject has been made aware of, and gave consent to. Secondary purposes are prohibited unless further consent has been obtained from the data subject.

Data minimization

Organizations must only collect personal information data that is “adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.” Only the minimum amount of data necessary for specific processing is allowed to be collected and kept.

Accuracy

Organizations collecting data must ensure that data is “accurate and where necessary kept up to date.” Processes should be in place to ensure that the information collected is accurate, up-to-date, complete, relevant, and not misleading.

Storage limitations

Organizations may not retain data longer than necessary. The GDPR states data must be “kept in a form which permits identification of data subjects for no longer than necessary.” Data no longer required should be de-identified and destroyed.

Integrity and confidentiality

Organizations must handle data “in a manner [that ensures] appropriate security of the personal data including protection against unlawful processing or accidental loss, destruction or damage.” Organizations must have strict security measures in place to protect data from misuse, loss, unauthorized access, modification, and disclosure.

Search Other Frequently Ordered Countries

Australia Brazil Canada China Costa Rica Germany	Hong Kong India Ireland Israel Italy Japan	Malaysia Mexico Nepal New Zealand Philippines Puerto Rico	Singapore South Africa Spain United Kingdom Other Countries
Australia Brazil Canada China Costa Rica Germany	Hong Kong India Ireland Israel Italy Japan