Facebook
Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site.

We also use third-party cookies that help us analyze how you use this website, store your preferences, and provide the content and advertisements that are relevant to you. These cookies will only be stored in your browser with your prior consent.

You can choose to enable or disable some or all of these cookies but disabling some of them may affect your browsing experience.

Currently Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

GDPR and The DBS Check Process

Apply for a DBS Check

The General Data Protection Regulation, usually abbreviated to GDPR, was introduced across Europe in May 2018. Even though the UK had already voted to leave the EU at that point, the GDPR rules still apply. Most businesses are up to speed already with their GDPR responsibilities, but some are still lacking. However, ignoring GDPR legislation could result in huge fines, so it’s a risky practice. Whether you’re involved in DBS checks as an applicant or as someone processing the checks, here’s the basics of what you need to know.

 

GDPR Principles

There are core principles which underwrite GDPR legislation, whatever the type of data which is being processed. These are all about the way companies obtain, store and dispose of your personal information. When it comes to DBS checks, this can be broken down further into three stages.

 

Application

If you’re applying for your DBS check online, then you will have to set up a secure username and password to access the site. This ensures that only you can access the form while you’re completing it, and only you can log back into the site to see how the application is progressing. Another important part of the application stage is to verify your identity, by taking original passports, driving licence or utility bills to your employer. They will return the original documents to you but may take copies.

 

Storing Information

The GDPR legislation is also clear about how important it is to store information properly and safely. This doesn’t just include DBS check information, but also other data such as addresses, bank account details or employee sickness information. The GDPR doesn’t define what secure means, however. A smaller company without computerised records might define secure as locked away in a filing cabinet in the boss’s office. Other companies might scan everything into a computer system, so in these cases secure would mean password protecting areas of the system and putting controls in place to make sure unauthorised people can’t get access to it.

 

Disposing

The GDPR rules also state that companies can’t hold on to information about you for longer than is necessary. In terms of your DBS check certificate, this usually means that you will be allowed to keep the original, rather than handing it over to your employer. Most will have a process whereby they just tick to say they’ve seen it, or some other way of recording what the certificate showed. If you leave your position, then the organisation has a responsibility to delete all of your personal information, or shred it, within a reasonable period of time, usually six months.

 

Penalties for Non-Compliance

If you’re not happy with the way your employer is storing your data, then you have the tight to report them over it. However, this is probably not the best tactic should you wish to keep your job. Report in the first instance to whoever in the organisation has responsibility for GDPR and advise that you are aware of the need for secure storage. Fines under GDPR can be up to 10 million euros.