The very last stage in the DBS process is getting that certificate through the post. Usually, there are no surprises. You know what convictions and cautions you have – if any – and these are reflected on the certificate. If there are errors, then it’s usually straightforward to get them corrected. If your DBS check is in connection with a new job, then your employer will want to see your paperwork too. Should your certificate show you have convictions and cautions, then it’s natural to want to keep that information private. So what exactly should employers do?
DBS Certificates and Personal Data
There has been lots in the news recently about personal data. The UK law changed in summer 2018, along with the law in the rest of the EU. This new law is the GDPR – General Data Protection Legislation. This law is all about protecting personal information and data held by companies. And it doesn’t get much more personal than your criminal record. The rules apply to all sorts of organisations, not just employers. The law is very long and very complicated and you don’t need to understand the whole thing. Suffice to say that your employer has a legal obligation to protect your data. But what exactly does “protecting your data” look like in practical terms?
Managing Personal Data
Each company has its own way of operating, and for this reason the law is fairly flexible. Companies should have written policies detailing what they do to protect personal information about their staff and customers. There are two main issues when it comes to GDPR and DBS checks: access and security.
Access – this is about which people in the company have access to DBS information. The best advice is that access should be on a “need to know” basis. In most cases, access should be restricted to the person the HR department responsible for the recruitment and the applicant’s line manager.
Security – Companies also have to keep all personal information safe and secure. That means not leaving certificates, identity documents and other personal details lying around on desks. If the organisation keeps paper records, then they should be stored under lock and key. And obviously, only people who need to see the records should be able to get into the filing cabinet. If records are stored digitally, then they should be password protected. Sharing passwords between members of staff should be strongly discouraged.
Keep Your Certificate Safe
You have to take some responsibility in all this too. Employers generally do not keep original disclosure certificates. They will take a note of the information on the form, then return the original for you to keep. Keep it somewhere safe in case you need it again in the future. The one problem with disclosure certificates is that they are not updated should any further information come to light. They don’t expire, but that doesn’t mean you can just keep using the same one. If you think you’re going to need to apply for a basic disclosure several times over the course of a year, consider signing up for the Update service instead.