Under the Digital Personal Data Protection framework, BGV consent is not a checkbox footnote—it is the gate before any check runs. HR and legal teams in June 2026 are redesigning intake so consent, purpose, and retention are captured once and auditable forever.
Minimum consent content for BGV
- Identity of data fiduciary (employer) and processor (BGV vendor)
- Purpose: pre-employment background verification for hiring decision
- Checks listed: identity, address, education, employment, court/criminal, references—as applicable
- Retention period and access/correction path (as defined by your privacy team)
- Withdrawal impact: hiring may not proceed if consent is withdrawn mid-process
Cross-reference the broader DPDP BGV checklist and DPDP compliance guide for program-level design.
Where to capture consent in the hiring flow
Best practice: consent at offer acceptance or dedicated BGV portal—before the vendor pulls data. Mobile flows via WhatsApp BGV or ATS-triggered links keep consent tied to the case ID. API integrations should pass consent metadata per ATS/HRMS BGV API guidance.
Consent vs adverse action
Consent covers processing; it does not replace fair review when findings arrive. Pair consent design with adverse action policy so candidates receive notice and opportunity to respond before final decisions.
Vendor due diligence on consent
- Versioned consent text stored per case
- No checks before consent timestamp
- Processor agreement aligned to DPDP obligations
- Secure storage per BGV report storage rules
Audit your BGV consent flow in a live demo
See DPDP-aligned intake, consent records, and check triggers mapped to your role tiers—free walkthrough for HR and legal.
Request DPDP BGV demo Call +91 7824887768Related: Aadhaar eKYC hiring · SOC 2 vendor questions · Employment verification