Procurements Units to Check Criminal Records

Background Checks for Winning Tenderers

Even before the reform, procurement units had to rule out suppliers that they knew, for example based on information in the media, to have committed a serious crime. What is new is that the procurement unit now has an express obligation to check that the winning tenderer has not committed a crime leading to mandatory exclusion before signing the agreement.

The procurement unit’s background check obligation applies to larger procurements for goods and service and construction contracts, i.e. those exceeding the EU thresholds. The act also provides the opportunity to carry out corporate backgrounds checks in competitive tender processes exceeding the national thresholds.

The procurement unit carries out the background check by asking the winning bidder to submit criminal record excerpts on the members of its administrative, management or supervisory bodies and on persons exercising representation, decision-making or supervisory powers in the company. The company requests the criminal record excerpts from on these persons itself from the Legal Register Centre. Prior to requesting the information, the company must obtain the consent of the persons in question.

No Copying or Storing of Criminal Record Data

Criminal records are sensitive personal data that companies must have legal grounds to process. It is clear that criminal record excerpts cannot include data on crimes other than those expressly stated in the Act on Public Contracts.

In accordance with the Act on Public Contracts, a company participating in a competitive tender process cannot copy or store criminal records for itself. In practice, this means that each person must keep their own criminal records excerpt and submit it separately for each tender process to the tendering company, which will then send the excerpt on to the procurement unit.

This can cause practical problems if the number of tendering processes and excerpts to be summited is high. Bidding companies would be well advised to create efficient internal process to handle these filings.

The procurement unit must dispose of the criminal records excerpt or return it directly to the person in question once the person’s background has been checked from the excerpt. Information provided in the criminal records cannot be disclosed to people in the procurement unit who do not need it.

The Newer the Criminal Record Excerpt, the More Reliable It Is

The Act on Public Contracts states that the criminal record excerpt cannot be more than twelve months old. This is understandable, as it makes it possible to use the same excerpt for more than one tendering process.

On the other hand, a year is a long time, and it is possible that a member of a company’s management could commit an offence during that time. So from the perspective of the accuracy of the information, older excerpts constitute a risk for the procurement unit. Of course, employees are obligated to inform their employers changes to their data.

Collected Data Forms a Register

From the perspective of employer obligations, collected criminal record data forms its own register or at least a new data category, and the matter must be discussed in cooperation negotiations prior to starting the collection of the data. Procurement units, for their part, have an obligation to record the fact that criminal record excerpts have been collected from the necessary parties. This forms its own register and the units incur the related data controller obligations, such as the obligation to draft a file description.

The data protection legislation set to change in a year  will tighten the requirements for maintaining registers even further. Many suppliers are currently reviewing their current data protection practices, and procurement units should also take a close look at the data protection issues relating to competitive tender processes.