DBS: Retention and Disposal of Disclosures & Disclosure Information Policy Statement / GDPR Requirement
Please be advised that, as part of the application process, both applicants and the third party evidence checker will be required to read and agree to the following:
Applicants should be directed to this link when completing their online application. Third party evidence checkers will be reminded of this link when signing to agree that they have seen the applicant’s original identity documents.
As an organisation using the DBS (ex-Criminal Records Bureau) Disclosure service to help assess the suitability of applicants for positions of trust, Wessex Local Medical Committees Limited and Cantium Business Solutions Limited (Cantium) comply fully with the DBS (CRB) Code of Practice regarding the correct handling, use, storage, retention and disposal of certificates and certificate information. They also comply fully with their obligations under the Data Protection Legislation and other relevant legislation pertaining to the safe handling, use, storage, retention and disposal of certificate information and have written policies (see also Service Level Agreement) on these matters, which are available to those who wish to see it on request.
Storage and Access
Any certificate information that the LMC was party to before it launched its online service, is kept securely in lockable, non-portable, storage containers with access strictly controlled and limited to those who are entitled to see it as part of their duties.
In accordance with section 124 of the Police Act 1997, certificate information is only passed to those who are authorised to receive it in the course of their duties. Cantium maintains a record of all those to whom certificates or certificate information has been revealed and it is a criminal offence to pass this information to anyone who is not entitled to receive it. After 6 months, Cantium securely purge all information except the name of the applicant and the practice name.
Whilst original DBS (CRB) checks do not need to be retained for the purposes of inspection, the Health and Social Care Act 2008 (Regulated Activities) Regulations 2010 requires providers to maintain appropriate records in relation to persons employed for the purposes of carrying on the regulated activity. In relation to DBS (CRB) and ISA checks, it would be appropriate to maintain the following records to demonstrate compliance with the legal requirements:
- The date of issue of the check
- The name of the subject
- The date of birth of the subject.
- The type of check requested.
- Whether the children’s and/or adults barred list was checked and the outcome.
- The position for which the check was requested.
- The unique reference number of the check, and.
- The details of the employment decision taken.
NB: From 2013, employers no longer receive a copy of the check but they need to ask to see the individual’s certificate and to keep a record of the relevant details as listed above.
Certificate information is only used for the specific purpose for which it was requested and for which the applicant’s full consent has been given.
Retention and Disposal
Any information pre-dating Wessex LMC’s online service will be retained and destroyed securely in line with its Information Retention and Disposal Policy, which is available on request.
Wessex LMCs will not store any information relating to the online service. Cantium will purge information daily based on the application being in the archived status for 6 months. Only the applicant name, disclosure details and business user (organisation) details will be retained. This information will be retained securely by Cantium for the duration of its contract with Wessex LMCs plus a further six years, after which time, it will also be purged.
Acting as an Umbrella Body
Before acting as an Umbrella Body (one which countersigns applications and receives applicant information on behalf of other employers or recruiting organisations), the LMC will take all reasonable steps to satisfy themselves that the client will handle, use, store, retain and dispose of certificate information in full compliance with the DBS (CRB) Code and in full accordance with this policy. The LMC will also seek to ensure that any body or individual, at whose request applications for DBS (CRB) certificates are countersigned, has such a written policy and, if necessary, will provide a model policy for that body or individual to use or adapt for this purpose.
This policy should be read in conjunction with the Client Agreement at: DBS: Wessex LMC and Client Agreement