The Impact of GDPR on DBS Check Processes

The introduction of GDPR in May 2018 has greatly impacted how businesses store and handle sensitive data, largely for the better.

The following blog discusses how this introduction has impacted the DBS checking process.


The DBS Code of Practice

Several key points of the DBS code of practice should always be noted when handling sensitive information. Four of the most prominent takeaways from the DBS code of practice are:

  • Personal and private data revealed through a DBS check should be stored securely.
  • Do not share DBS data with any unauthorised person or body.
  • Do not hold data for longer than needed.
  • Ensure the veracity and integrity of data.

As a company, if you fail to comply with the DBS code of practice, it can lead to a police investigation and has the potential for further penalty fines.

Impact on the DBS Process

For small to medium-sized businesses, the change in GDPR and its effects on the DBS Check process have caused a few challenges. Because of their size and income, these businesses do not have the appropriate legal resources at their disposal.

These businesses must also be granted permission to handle an individual's data for purposes such as a DBS Check, which, as a result of tightened GDPR regulations, can increase the length of time it takes to complete an employment application.

However, if businesses do not comply with the GDPR rules and regulations appropriately, they could be liable to fines of up to £17 million, which is costly for businesses up and down the country.

Changes to the DBS Check Application Form

Not only has GDPR had an effect on the DBS check process, but it has also caused notable differences in the DBS application form.

When applying for a DBS Check online, you will need to set up an account which includes using a secure username and password to access the site and any information it may hold. The DBS application form now requires more information about an individual's agreement to consent to their data being used and any legal requirements that follow.

By securely logging in online, you can also view the status of your application, ensuring that only you have access to this sensitive information.

Changes to the DBS Check Result

There has also been a change to the way in which DBS check results are determined and shared with applicants. For Standard and Enhanced DBS Checks, the certificates that are awarded upon completion will no longer automatically disclose reprimands, warnings, youth convictions and all spent convictions, even if an individual has more than one conviction.

Organisations must also ensure that these DBS results are only shared with the relevant recipients and that the data is kept secure in the process.

Changes to Retention Periods

Businesses should only retain personal data about an employee or applicant for as long as is necessary, in accordance with GDPR regulations. This specific information includes not only names and addresses but also bank account details and employee sickness information.

Impact of GDPR on Employees

If employers choose to ignore GDPR legislation, they could be hit with large fines. Though many businesses are up to speed with GDPR practices, many across the country are still slacking and must tighten these practices in order to avoid the consequences.

Impact on Individuals

As an employee or job applicant, you are within your rights to report an employer for misusing your personal information.

You can ask an organisation to grant you access to the data they hold on you, request that it be removed from their database, or control how they use your data in the future.


GDPR rules and regulations have had a huge impact on the DBS check process, with more and more companies implementing extra measures into their data handling process to ensure they are complying.

GDPR, however, has led to a greater amount of protection surrounding personal data and ensures that an individual's data is stored and handled securely on a daily basis.


What is GDPR?

GDPR stands for General Data Protection Regulation and is a set of official rules that aim to keep data safe on behalf of an individual or a business as a whole.

When did GDPR come into effect?

GDPR was introduced in 2018, replacing previous data protection regulations to ensure the safety and security of personal data.
