Blog

A Guide to Managing DBS Check Data for Employers

30th Sep 2024

When handling employee dbs check data, employers must adhere to strict guidelines set out by the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. These regulations ensure that personal data is stored, managed, and disposed of securely, maintaining the privacy rights of individuals.

DBS checks contain sensitive information, which falls under the same stringent data protection principles. Employers must handle DBS certificate data with care to avoid breaches of confidentiality, fostering trust between employer and employee.

dbs data

Best Practices for Managing DBS Check Data

 

Here are some key “Do’s” for managing DBS check information:

DBS Check Data Do’s:

  1. Have a Written Policy
    Employers must create a written policy on the safe handling of DBS data. This policy should be readily available to employees upon request, along with their personal documents.
  2. Keep a Record of Essential Details
    Employers can record the following information:
    • Date of issue of the DBS certificate
    • Name of the applicant
    • Type of DBS check conducted
    • Position for which the DBS check was requested
    • Certificate number
    • Details of the recruitment decision made
  3. Dispose of Data Securely
    You should securely destroy DBS information using methods like shredding or burning. Store the document in a secure location if it is awaiting disposal.
  4. Implement a Renewal Timeframe
    Employers should have a clear policy on renewing DBS checks. Alternatively, they may request permission from employees to access the DBS Update Service if registered.
  5. Store Data in Secure Locations
    Store all DBS data in lockable, non-portable storage with restricted access, allowing only authorised personnel to handle the information.
  6. Obtain Employee Consent
    It is a legal requirement to obtain an employee’s consent before conducting a DBS check. Performing a check without permission is against the law.

What Employers Should Avoid

Employers must also be aware of the “Don’ts” when handling DBS data to ensure compliance and avoid legal issues:

DBS Check Data Don’ts:

  1. Do Not Discriminate
    Employers should not automatically reject applicants based on criminal records disclosed in a DBS check. Under the Rehabilitation of Offenders Act 1974, employers must treat applicants with criminal records fairly and avoid discrimination.
  2. Do Not Use Data for Unauthorised Purposes
    Use information from the DBS certificate only for the specific purpose it was requested and with the applicant's consent.
  3. Do Not Share Certificate Information
    You must not pass the DBS certificate to anyone who is not authorised to view it.
  4. Do Not Retain Data Longer Than Necessary
    Employers should only retain DBS data for as long as necessary. Certain organisations, such as those inspected by the CQC, Ofsted, or the Care and Social Services Inspectorate for Wales, can legally retain data for inspection purposes.

Conclusion

Managing DBS check data responsibly is crucial for maintaining trust, complying with legal obligations, and ensuring the safety of both employees and the workplace. By following these guidelines, employers can safely manage sensitive information and support the privacy rights of their team members.

For more detailed guidance, visit the official government page on Handling of DBS Certificate Information.