DBS Checks And GDPR – Is Your Data Protected?
In May 2017, the European Union enacted GDPR legislation, which gives thorough guidelines on how businesses and organisations should handle people’s personal and private data. GDPR stands for General Data Protection Regulation.
Since the UK has left the EU in 2020 under the Brexit agreement, the guidance hasn’t changed and UK businesses and organisations are still required to follow GDPR guidelines.
The question is – how does GDPR affect or influence DBS checks?
This article will seek to answer that question and give you details on how your data is handled by the DBS and third party online DBS check providers – like us.
What Exactly Is GDPR?
GDPR is a framework drawn up by the EU to help protect individual’s data and remove the potential for misuse or exploitation by governments or big-data companies.
In basic terms, GDPR sets out guidance to limit the type and amount of data that organisations can collect, store, use, and share electronically. It also allows individuals to find out what data is being collected on them and how it is being used, thus increasing transparency.
GDPR regulations were four years in the making, as it involved the complex task of bringing together data privacy laws from all the different EU member states to create a cohesive set of rules and guidelines.
Due to the fact that DBS checks, by their nature, involve searching through personal data and sharing it with third parties, the DBS process check process has undoubtedly been affected by GDPR.
At the moment, in the UK, the DBS is applying the GDPR rules to their operations, but in the post-Brexit landscape this may change if UK-specific legislation is passed through parliament.
Let’s take a look at how GDPR has influenced the DBS check process.
The Effect of GDPR on DBS Checks
As mentioned previously, GDPR has changed the way DBS checks are carried out, specifically with regard to the gathering and sharing of personal data.
According to UK law, registered DBS check bodies (such as us) need to be in compliance with GDPR guidance. The main requirement of GDPR is regarding consent. All registered DBS check providers need to ask individuals applying for a DBS check to do the following:
- Confirm that they have read the relevant Processing Privacy Policy for either a basic, standard, or enhanced DBS check, and understood it fully.
- Consent to the Registered Body gathering personal data from the applicant and sharing it with appropriate third-parties electronically. In other words, granting permission to share the DBS result with the employer and potential employer.
- Sign a statement to agree that all the information provided by the applicant for the DBS check is honest and accurate.
What If You Decline To Consent?
Maybe you have concerns about sharing your personal information and data with a third party online. When it comes to us, you don’t need to be concerned as we comply fully with GDPR.
However, if you do not want to consent to the organisation handling your data, the only alternative for you is to apply for a DBS check by post, using a paper form. The downside of this is that it takes much longer to get your results, usually a minimum of two weeks, while online DBS checks send results usually within 24 hours.
If you have any questions about online DBS check applications or about our GDPR and data privacy policies, then get in touch.