The Information Commissioner’s Office (ICO) is conducting a survey to better understand where there may be gaps in organisations’ understanding of processing criminal conviction data – including undertaking DBS checks.
If you are an organisation who currently, or may in the future, conduct DBS checks or process any other type of criminal conviction data, we would encourage you to contribute to the consultation before it closes, on Friday 28 February 2020.
There are a number of complex laws which govern whether organisations can access and process criminal conviction data. It is often difficult for organisations to work out when they can conduct DBS checks, what level of checks are permitted and what their obligations are under data protection regarding the processing of criminal conviction data. It is not acceptable, for example, to undertake blanket DBS checks on employees or prospective employees, students, or volunteers without an organisation having a legal basis for doing so.
Whatever the reason for processing criminal conviction data – safeguarding vulnerable individuals, checking suitability for employment, or volunteering opportunities or assessing eligibility for services – the GDPR and the Data Protection Act 2018 have highlighted the importance of ensuring that this data is processed for the correct reasons and in accordance with the relevant legislation and guidance.
The problem is often working out exactly what that is. We advise a variety of organisations on how and when it is appropriate to undertake DBS checks and process information about criminal convictions and offences – from public and third sector clients in education, social housing, utility regulation and local government, to private sector clients whose contracts require DBS checks or those who still wish to conduct basic DBS checks on their workforce.
If this sounds familiar – we urge you to respond to the ICO’s survey in the hope that it will encourage the production of improved guidance and clarity in this area.