DBS Checks and GDPR – How is information safely handled?

Criminal background checks have become a normal part of the overall recruitment process for many professions. Most of these checks are carried out via the DBS (Disclosure and Barring Service), a non-departmental government body.

While DBS checks have largely become a part of modern life, it’s still natural to be worried about how our data and personal information are handled. Luckily, with strict regulations in place managing how organisations deal with personal data, notably GDPR, you needn’t be overly concerned.

Lawful basis

First of all, under GDPR, all organisations need to have a legal basis to gather and process any personal data. With DBS checks, the legal basis tends to fall under a wide range of legal obligations to ensure the protection of other individuals, whether co-workers or clients of the business in question.

Still, a lawful basis is not a sufficient stand-in for consent. With DBS checks, the individual providing their personal information to be checked must consent to the check, normally in writing. Recognised organisations are often used by businesses who need to carry out a lot of checks, to ensure ongoing regulatory compliance.

Data minimisation

Under GDPR, organisations are only allowed to collect personal data that is necessary for the task at hand. When it comes to DBS checks, that means only asking for information relevant to the check itself – asking for access to other, unrelated information would potentially be considered a breach of regulations.

Secure storage

Thanks to GDPR, any personal information that’s collected during a DBS check must be stored in a highly secure manner, to prevent data leaks or other instances of unauthorised access. This means implementing both digital and physical data protection policies to ensure that all information is protected to a high standard. Organisations that fail to meet these standards can face legal consequences.

Data retention limits

All personal data that’s collected by an organisation, whether at each stage of a DBS check or for other purposes, must not be retained for longer than absolutely necessary. This means that organisations have a legal duty not to retain any applicant’s data other than for reasons in line with data protection and regulatory requirements. Once information is no longer needed, it should be properly disposed of, whether that means securely erasing digital copies or shredding paper documents.

Training

To ensure that these principles are adhered to, organisations that process DBS checks need to provide their members of staff with extensive training on data protection principles. This training is regularly updated, to ensure that staff are aware of things like the current risks surrounding data breaches and ongoing changes to best practices.

On the one hand, this should provide individuals who need to have a DBS check carried out with a high level of confidence that their data will be handled securely, according to strict legal guidelines. On the other hand, it should be a warning for organisations that aren’t currently operating to these standards, and a reminder of the serious legal consequences associated with sub-par data management policies.

Images courtesy of unsplash.com and pexels.com
