0300 140 0022
< Back to Resources

All you need to know about the DBS Code of Practice

When you receive DBS check information about one of your employees or potential employees, it’s your responsibility to follow the code of practice outlined by the DBS. Our employment law experts are here to help you understand all you need to know about the DBS code of practice and to explain the use of a DBS consent code.

What is the DBS Code of Practice?

The DBS code of practice is essentially a set of rules that all employers must follow when handling sensitive information from a DBS certificate.

The code of practice says: “The Code of Practice applies to all Registered Bodies with the Disclosure and Barring Service (DBS) under section 120 of the Police Act 1997 (Registered Bodies) and recipients of Update Service information under section 116A of the Police Act 1997. This includes those Registered Bodies that provide an umbrella function to non registered organisations. The Code refers to any information exchanged between DBS and the Registered Body“.

What does the DBS Code of Practice state?

Let’s run through some of the most significant points from the DBS code of practice, so you can make sure your organisation is handling DBS data correctly. 

Written policy

You must have a written policy that outlines how you securely handle the information provided by the DBS. This could be done electronically, and it should be accessible to anybody you’re asking to complete a DBS application form. By having a policy in place, you make sure that you have all the processes and procedures set out to handle this sensitive information and stay in line with the Data Protection Act 1998.

Disclosing information to irrelevant individuals

When you receive information from the DBS about an employee, you shouldn’t “disclose information to any member, officer or employee where it is not related to that employee’s duties”. The only way this changes is unless a relevant legal exception applies. Don’t risk a penalty. Keep this information between you and only the people who need to know. 

Holding data no longer than necessary

Once the DBS is complete and you’ve made a decision on whether you’re going to hire them, you should only keep the DBS certificate information for no longer than six months. This is a data handling procedure set out in the DBS code of practice that makes sure companies don’t keep hold of information any longer than what’s needed. 

The DBS code of practice covers eight areas of obligation. These are:

  • Registration Details
  • Application Process
  • Identity Verification
  • Data Handling
  • Suitability Policy
  • Payment of Fees
  • Eligibility
  • Compliance Requests

Why is it important to follow the DBS code of practice?

It’s vital that you uphold the conditions in the DBS code of practice for many reasons relating to both you and your employee/applicant. For one, it means that you can handle and store this important information correctly, helping you avoid any fines or penalties. Not following the DBS code of practice could result in enforcement action being taken against you from the Information Commissioner’s Office (ICO) if the Data Protection Act has been breached. So keep your business’ reputation at its best and follow the DBS code of practice.

What is a DBS consent code?

A DBS consent code is a unique code that an employee/applicant can share with you to let you view their certificate online. The DBS share code for employers only means that you can view the person’s certificate — it must not be printed.

DBS checks with uCheck

Get your employee’s DBS checks with uCheck! We provide numerous levels of DBS checks including Basic, Standard and Enhanced. And with our simple pay-as-you-go billing, you only pay for what you need.

With uCheck, you get:

  • Rapid turnaround – 24/48 hours on average
  • Trusted by over 30,000 happy customers
  • Secure, Home Office approved system

Please don’t hesitate to get in touch with us if you have any more questions – we’d be more than happy to help.

Our blogs are advisory in nature and reflect uCheck Limited’s current thinking about best and common practice in the subjects discussed.

The information contained in our blogs have been provided for information purposes only. This information does not constitute legal, professional, or commercial advice. Whilst every care has been taken to ensure that the content is up to date, useful and accurate, uCheck gives no guarantees, undertakings, or warranties in this regard, or, for any loss or damage caused arising directly or indirectly in connection with reliance on the use of such information.

uCheck Logo