Background Checks in Romania: What the Law Really Says (and Why They’re Not Illegal)

Two business professionals discussing plans with notebooks and papers at a meeting.

At Mindit Consulting, one question lands in our inbox more than almost any other:

“Are background screening services even legal in Romania under GDPR?”

We get why people ask. Data protection is taken seriously here, and nobody wants to trip over the law while trying to make a good hire.

So we sat down with legal expertise on our side and put the answer in plain language. No jargon walls. Just what HR professionals, hiring managers, and candidates actually need to know about how screening works, why it’s legal, and (the part most articles skip) why it’s genuinely good for everyone involved.

If you want to listen to our AI podcast, you can find it below:

1. Are Background Checks Legal in Romania?

Yes. As long as they follow GDPR requirements and Romanian labour law, background screening is perfectly legal.

Here’s the thing people misunderstand: GDPR doesn’t ban background checks. It asks for a valid legal basis to process personal data. Those bases include:

  • The candidate’s consent (Art. 6 GDPR)
  • Legitimate interest of the employer (Art. 6 GDPR)
  • Legal obligations tied to the role (Labour Code, ISO standards, sector rules)

Romania layers its own rules on top through Law 190/2018, which implements GDPR nationally. So the real question isn’t whether screening is allowed. It’s how it’s done.

2. What Types of Background Checks Are Covered?

Most people picture a background check as a single thing. It isn’t. In practice it’s a menu, and what you pull off that menu depends entirely on the role. A helpdesk hire and a finance controller don’t need the same scrutiny, and treating them the same is either overkill or negligence, depending on which way you get it wrong.

Here’s the full range of checks we run for clients across Romania and abroad:

  • ID and right-to-work check: confirms the person is who they say they are, and can legally work in the role.
  • Education / studies verification: last diploma, or several diplomas, confirmed with the issuing institution.
  • Employment history: role and period, typically the last 5 to 7 years, up to three employers.
  • Criminal record confirmation: the cazier judiciar, handled only where the role legally allows it (see section 3).
  • Reference checks: from former managers or previous employers, not candidate-supplied phone numbers.
  • Legal search: court and litigation records, including relevant non-employment cases.
  • Credit report: financial-responsibility roles, where money or assets are on the line.
  • Global Sanctions and Watchlist search: international screening against sanction and watch lists.
  • Media and social media screening: public-facing reputational risk, done proportionately.
  • Address history: up to 10 years, for higher-trust or regulated positions.
  • Professional membership verification: confirms licences and professional body registration.
  • Time-gap analysis: explaining breaks longer than 30 days in a candidate’s history.

All of these fall under legitimate interest or candidate consent, and they’re fully legal. They confirm a candidate’s skills, experience, and integrity, and they line up with Article 29 of the Labour Code, which lets employers assess whether someone’s actually fit for the job before signing them on.

Which checks come up most often?

Look across dozens of screening packages and a clear pattern shows up. Four checks form the backbone of almost every one we run:

  1. ID / right-to-work: the non-negotiable starting point. Nearly every package includes it.
  2. Employment verification: the most-lied-about area on a CV, so almost always checked.
  3. Education verification: usually the last diploma, sometimes a longer window.
  4. Criminal record confirmation: standard wherever the role legally permits it.

After that core four, legal search and Global Sanctions/Watchlist screening are the next most common add-ons, especially for international or client-facing roles. Credit reports, address history, media screening, and membership checks show up less often, reserved for positions where the extra depth earns its place. In other words: everyone verifies identity, work, and education.

Matching the check to the role

This is the part that actually matters. The right package isn’t the biggest one. It’s the one that fits the sensitivity of the role. We tend to think of it in three tiers:

Standard roles. Most positions sit here: administrative, operational, general office staff. Identity, employment history, and education usually cover it. You’re confirming the person is genuine and qualified, nothing more invasive than the job warrants.

Regulated roles. Healthcare, banking, finance, education, public service, security. Here a criminal record check or integrity certificate is often legally required, not optional, and legal search plus sanctions screening frequently come into play. The law does part of the deciding for you.

High-trust and high-access roles. Senior leadership, finance controllers, anyone with access to sensitive data, client funds, or critical systems. This is where the deeper checks belong: credit reports, extended address history, media and social media screening, professional membership. The cost of a bad hire climbs steeply with seniority, so the verification depth climbs with it.

Role typeTypical checks
StandardID, employment history, education
RegulatedCore checks + criminal record, legal search, sanctions/watchlist
High-trust / high-accessAll of the above + credit report, address history, media & social media, membership

One principle underneath all of it: proportionality. GDPR expects checks to be relevant and necessary for the specific role. Running a credit report on a warehouse hire isn’t thorough, it’s a compliance risk. Matching the check to the role isn’t just good practice. It’s the law doing its job.

3. What About Criminal Records?

This is where it gets specific, and where a some companies overstep without realising.

Under Article 10 of GDPR, criminal record data can only be processed:

  • When required by law, or
  • Under the control of a public authority

For certain roles (education, healthcare, public service, security, finance), employers are legally required to request a criminal record or a behavioural integrity certificate.

4. Why Should Companies Bother With Background Screening At All?

Let’s be honest about this. Hiring isn’t just filling a seat. It’s handing someone access to your systems, your clients, your data, and your team’s trust. Get it wrong and the bill arrives fast.

A bad hire can cost between 30% and 50% of that person’s annual salary once you add up recruitment, onboarding, lost productivity, and the scramble to replace them.

Source: The True Cost of a Bad Hire, iprospectcheck (2026)

And the risk isn’t theoretical. Resume fraud has become almost routine:

Then there’s the new tool: AI. Deepfake interviews and synthetic identities aren’t science fiction anymore. Gartner projects that by 2028, roughly one in four candidate profiles worldwide could be fraudulent. That’s not a problem you interview your way out of. It’s a verification problem.

Source: Gartner via Avvanz (2026)

So what does proper screening actually buy a company? A few concrete things:

  • Lower hiring risk. You catch red flags before they become payroll.
  • Verified qualifications. The degree exists, the job titles are real, the dates line up.
  • Legal and cultural alignment. The hire fits the role’s regulatory demands and your team.
  • Safer, more resilient workplaces. Fewer nasty surprises down the line.
  • Reduced liability. In regulated sectors, skipping checks can expose you to negligent-hiring claims.

Put simply, screening pays for itself the moment it stops one bad hire. And with 94% of employers now running some form of check, going without it isn’t caution. It’s an outlier.

Source: CrossChq (2025)

The cost of skipping it, at a glance

Risk areaWhat the data shows
Cost of a bad hire30–50% of annual salary
Resume lying caught~60% of hiring managers
Verification discrepanciesUp 44% (2021–2024)
Revenue lost to fraud~5% per year (avg.)
Fraudulent profiles by 2028~25% (Gartner projection)

5. Why Screening Is Actually a Good Sign for Candidates

Here’s the part that gets lost in the compliance talk. A background check isn’t something done to a candidate. When it’s handled well, it works for them too. And smart candidates know it.

Think about it from their side for a second. If you’ve got a clean record, real credentials, and honest experience, a screening process is the thing that makes those facts count. It levels the field against the applicant two seats over who padded their CV. Verification rewards the honest.

There’s a second, quieter benefit: a company that screens is usually a company worth working for. A transparent, structured process signals maturity. It tells candidates the employer takes safety, fairness, and its own people seriously. Nobody wants to join a team where the person next to them lied their way in.

The catch is that screening only builds trust when it’s done with care. Get it wrong and it backfires:

  • 38% of employers say they’ve lost candidates to a poor background-check experience (Checkr, 2025)
  • 60% of job seekers report a bad candidate experience makes them less likely to support that organisation later (SHRM)

So what does a candidate-friendly check look like in practice? A few things make all the difference:

  1. Explain the why. Tell candidates what you’re checking and the reason behind it. Uncertainty breeds anxiety.
  2. Ask for consent, clearly. Written, plain-language authorisation before anything starts.
  3. Keep them posted. A week of silence during a check feels like a red flag, even when nothing’s wrong.
  4. Give them a right of reply. Let candidates see results and add context to anything that surfaces.

Done this way, the check becomes a first impression, not a hurdle. The candidate walks away thinking “these people are organised and fair.” That’s the reputation that wins offers in a competitive market.

6. Final Thoughts for HR Professionals

A few things worth remembering:

  • Background checks are legal in Romania, full stop, when they’re done transparently and with the right legal basis.
  • They protect the company from bad hires, fraud, and liability that costs far more than the check ever will.
  • They protect honest candidates too, and signal an employer worth joining.

At Mindit Consulting, we build screening processes that are effective, ethical, and secure. GDPR-compliant by design, respectful of candidate rights, and tailored to your sector, whether that’s IT, healthcare, banking, or BPO.

Want clarity on how background screening can support your hiring without the legal worry?

We’re here for it. Give us a call and let’s talk: 0725.568.211