Office opening hours: 8.30am to 5.30pm Monday to Friday. Offices closed on Bank Holidays.
Home Menu Search

DBS: Retention and Disposal of Disclosures & Disclosure Information Policy Statement / GDPR Requirement

Privacy Policy - Standard/Enhanced Checks (paper and e-Bulk applications) Declaration

Please be advised that as part of the application process, both applicants and the third party evidence checker will be required to read and agree to the following:

I confirm I have read the Standard/Enhanced Check Privacy Policy for applicants and I understand how DBS will process my personal data and the options available to me for submitting an application.

Applicants will be directed to this link when completing their online application. Third party evidence checkers will be reminded of this link when signing to agree they have seen the applicants original identity documents.

General Principles

As an organisation using the DBS (ex-Criminal Records Bureau) Disclosure service to help assess the suitability of applicants for positions of trust, Wessex Local Medical Committees Limited complies fully with the DBS (CRB) Code of Practice regarding the correct handling, use, storage, retention and disposal of certificates and certificate information. It also complies fully with its obligations under the Data Protection Legislation and other relevant legislation pertaining to the safe handling, use, storage, retention and disposal of certificate information and has a written policy on these matters, which is available to those who wish to see it on request. 

Storage and Access 

Certificate information is kept securely, in lockable, non-portable, storage containers with access strictly controlled and limited to those who are entitled to see it as part of their duties. 


In accordance with section 124 of the Police Act 1997, certificate information is only passed to those who are authorised to receive it in the course of their duties. We maintain a record of all those to whom certificates or certificate information has been revealed and it is a criminal offence to pass this information to anyone who is not entitled to receive it. 

CQC Guidance

Whilst original DBS (CRB) checks do not need to be retained for the purposes of inspection, the top third of the check certificate should be retained as evidence that a DBS (CRB) certificate has been obtained provided that this does not include details of offences. (In exceptional circumstances where a large number of offences are listed on the check, the listing of offences continues onto the reverse of the top third section; in these circumstances the top third should not be retained once the recruitment decision has been made.).

The Health and Social Care Act 2008 (Regulated Activities) Regulations 2010 requires providers to maintain appropriate records in relation to persons employed for the purposes of carrying on the regulated activity. In relation to DBS (CRB) and ISA checks, it would be appropriate to maintain the following records to demonstrate compliance with the legal requirements:

  • The date of issue of the check
  • The name of the subject
  • The date of birth of the subject.
  • The type of check requested.
  • Whether the children's and/or adults barred list was checked and the outcome.
  • The position for which the check was requested.
  • The unique reference number of the check, and.
  • The details of the employment decision taken.

NB:  From early in 2013 Employers no longer receive a copy of the check but they need to ask to see the individual's certificate and to keep a record of the relevant details as listed above.


Certifcate information is only used for the specific purpose for which it was requested and for which the applicant’s full consent has been given. 


Once a recruitment (or other relevant) decision has been made, we do not keep certificate information for any longer than is necessary. This is generally for a period of up to 6 months, to allow for the consideration and resolution of any disputes or complaints. If, in exceptional circumstances, it is considered necessary to keep certificate information for longer than 6 months, we will consult the DBS (CRB) about this and will give full consideration to the Data Protection and Human Rights of the individual before doing so. Throughout this time, the usual conditions regarding the safe storage and strictly controlled access will prevail. 


Once the retention period has elapsed, we will ensure that any certificate information is immediately destroyed by secure means, i.e. by shredding, pulping or burning. While awaiting destruction, certificate information will not be kept in any insecure receptacle (e.g. waste bin or confidential waste sack). We will not keep any photocopy or other image of the certificate or any copy or representation of the contents of a certificate. However, notwithstanding the above, we may keep a record of the date of issue of a certificate, the name of the subject, the type of certificate requested, the position for which the certificate was requested, the unique reference number of the certificate and the details of the recruitment decision taken. 

Acting as an Umbrella Body 

Before acting as an Umbrella Body (one which countersigns applications and receives certificate information on behalf of other employers or recruiting organisations), we will take all reasonable steps to satisfy ourselves that they will handle, use, store, retain and dispose of certificate information in full compliance with the DBS (CRB) Code and in full accordance with this policy. We will also ensure that any body or individual, at whose request applications for DBS (CRB) certificates are countersigned, has such a written policy and, if necessary, will provide a model policy for that body or individual to use or adapt for this purpose.

This page appears in...

About this page...

Updated on Wednesday, 25 May 2022 6403 views