Companies must adhere to data protection laws when handling sensitive information, and when processing criminal record checks it is paramount that a strict code of confidentiality is practised.
Failure to protect and secure confidential information may not only lead to the loss of business or clients; it also creates the danger of that information being misused to commit illegal activity such as fraud.
Confidentiality builds trust between employer and employee, and business owners have an obligation to keep staff information secure. Employees will feel reassured knowing that their personal information is being retained and used appropriately. Having their information shared is not only a breach of privacy; it will also destroy employee trust, confidence and loyalty, and cause a loss in productivity.
Strict data protection rules must be followed when managing private information. Currently this is verified by the Data Protection Act (DPA) 1998; however, the EU Parliament confirmed that the General Data Protection Regulation (GDPR) would replace the existing Act from May 2018.
The GDPR aims to give more people control over how organisations use their data, but hefty penalties of up to €20 million have been introduced for companies that do not comply with the regulations.
There are six main data protection principles that demonstrate the main responsibilities for organisations. These are as follows:
- Lawfulness, fairness and transparency
- Purpose limitations
- Data minimisation
- Storage limitations
- Integrity and confidentiality
If you would like more information on GDPR, click here.
As well as GDPR regulations, there are also DBS rules that people need to abide by if they will be receiving information about a person's criminal record history.
The DBS code of practice states that all bodies registered with the DBS must have a written policy on handling DBS information. Their clients will also need to have a policy available to access, as they will be viewing all application results.
In short, the policy highlights that organisations should:
- Store DBS information securely
- Comply fully with the code of practice and the data protection laws
- Only give DBS data to individuals who are authorised to receive such information
- Keep information for no longer than is necessary
- Ensure data is accurate and kept up to date
- Process information in a secure manner
If you would like to know more about the DBS code of practice, you can view the full version of the DBS code of practice.