Even if you’re not sure what it means, you’ll have heard people talking about GDPR. In simple terms, GDPR is a Europe-wide beefing up of the data protection rules. Companies are restricted in what information they keep, and how they keep it. GDPR – which stands for General Data Protection Regulation – is of particular importance when it comes to DBS checks.  

So what’s GDPR all about?

GDPR is a way of bringing all data processing law across the European Union into line. The key concept in the legislation is consent. Companies have to be really clear about what information they’re asking for, and why. It’s no longer enough to have a “tick this box if you don’t want to hear from us” option; companies must ask customers to opt in to marketing calls or emails. The other main change in the legislation is around fines, which are much higher than under the previous system. The new GDPR law came into effect at the end of May 2018, and most companies have made all the necessary changes. As an employee, you probably won’t see much difference. But when it comes to processing your DBS check, there are some important changes which everyone needs to be aware of.

DBS Checks and GDPR

The main change is that employers are no longer able to decide to run basic disclosure checks on all employees, irrespective of their role. Even employers who ask permission to run DBS checks on all workers will probably find themselves outside the law. When asking a new employee for a DBS check, employers have to explain clearly what the process is about, and why the person is being asked for a check. The applicant also has the right to decline to have the DBS check. Of course, the employer can also decline to offer the job.

Secure Storage of DBS Information

GDPR also requires that employers store your information securely. There’s lots of very sensitive personal information on a DBS form. It’s important that forms and identification documents aren’t left lying around in the office for everyone to take a look at. Paper copies of DBS records should be locked away securely, with access restricted to people who need to see them. If companies store information on a computer rather than in a filing cabinet, it needs a secure password. One thing which hasn’t changed is that the original DBS certificates shouldn’t be kept by the employer. Return them to the applicant for them to decide how to keep them.

Not Happy About How Your Employer is Doing Things?

Don’t be afraid to raise concerns with your employer if you are worried. Most large employers will have written data protection policies for you to look at. If you’re still not happy about how they are looking after your sensitive information, then speak to the company’s Data Protection Officer. There is lots of guidance and information online about the law surrounding GDPR if you’re interested in reading more about the topic.