Handling DBS Certificate Data


Starting a new job means handing over a lot of private information to your employer. They might want to take a copy of your passport to make sure you’re working legally. Payroll will need your national insurance number and bank details. Your new boss might ask for your mobile number, or details of your next of kin. If your new job requires a DBS certificate, your employer might have information about your criminal record too. This type of personal data is the sort of stuff that identity thieves would love to get their hands on. But more than that, would you want everyone in your organisation having access to your bank details or contact number? Not many of us would. So that’s why there are lots of rules about what sort of information your employer can ask for, and how they must store it.

DBS Certificates and Data Protection

There are a couple of issues to think about when it comes to disclosure checks and what you do with the information. Firstly, employers have to ensure that they are legally allowed to ask for checks. Any person can be asked to apply for a basic disclosure. This sort of check is purely a confirmation of the information on your current criminal record. The more detailed type of check, known as a standard or enhanced disclosure, can only be obtained in connection with certain jobs. So before demanding paperwork and forms, employers should make sure the job qualifies.

Whatever the level of disclosure, the certificates should be handled with care. They often contain information which is very sensitive in nature. The best idea is usually to see the original of the certificate, then give it back to the employee. Take a note of the certificate number for your employer records. Some employers take a photocopy and this is where you need to be careful. Access to DBS information should be restricted and not open to everyone. This means keeping copies of certificates under lock and key, or password-protecting them on your network. Penalties for breaching GDPR legislation are very steep.

Protecting Other Information

Most large companies will have lots of experience in dealing with confidential data. Smaller companies might take longer to get up to speed. The basic rules are about restricting access on a “need to know” basis and not keeping it longer than necessary. There is lots of information online about the best way of looking after employee data. Take some of the recommendations and see how you can best adapt them to your needs.

Companies also need to draw up a policy about how long to keep information. For example, once an employee has left, there’s probably no justification for keeping bank details. It’s fine to keep details of names of people who did certain jobs, in order to give references in the future. But other information should be deleted promptly. This is a job which the HR team should do, rather than one left to individual managers.