Global menu

Our global pages


Eversheds comment: Important changes to staff checks and vetting to be introduced

  • United Kingdom


    As of 10 March, Employers risk committing a criminal offence when checking and vetting candidates, employees and contractors, if they do not review, and, if needed, adjust, their approach to obtaining criminal and other relevant records data. Commenting on the new regulations, Mark Fletcher, partner at law firm Eversheds, says:

    "A provision of the Data Protection Act 1998 (DPA) which has lain dormant since the Act came into force, is to be implemented from 10th March 2015 and, for some employers, will impact significantly upon their current employment practices, particularly in the context of recruitment.

    "Section 56 DPA will make “enforced subject access requests” a criminal offence. In an employment context, such requests arise most commonly where an employer requires a prospective employee to apply to the Disclosure and Barring Service personally, by way of a subject access request, and then to disclose the search results. In this way, employers have been able to obtain extensive information regarding the criminal records of employees, job applicants or contractors, including any spent convictions -information to which they would not have had access through DBS.

    "However, from 10th March, enforced subject access requests will no longer be permitted. Any person connected with the recruitment, continued employment or engagement of a contractor, who requires, as a precondition, that the job applicant, employee or contractor obtains and supplies “relevant records” of cautions, criminal convictions and certain social security records, will commit a criminal offence under the DPA. Financial penalty is potentially considerable, not to mention the hidden costs of likely adverse publicity and reputation damage associated with prosecution. Moreover, senior personnel could find themselves personally liable.

    "The implementation of section 56 will not change the existing mechanism for seeking criminal record checks in England and Wales, which will continue to be dealt with by the DBS. However, employers who would have conducted enforced subject access requests previously, will need to bear in mind the restrictions of the DBS system and that they will no longer have access to the same level of information in respect of roles falling outside of the DBS search criteria. For some, this will require a significant change in practice but also mind set. Some checks will still be possible but it will be important to ensure that those checks which will trigger the offence are no longer carried out.

    "The dividing line between protecting an employee’s past and what an employer needs to know legitimately, has proved and remains a contentious one. Even so, there will be many employers who will find this further tightening of data protection enforcement an unwelcome curb upon their recruitment practices. The critical issue for employers in all cases is to understand what types of roles, duties and functions are relevant to their business and to carry out only such checks as are necessary and authorised. The degree of information is itself prescribed according to job-type, so employers will need to assess what type of check is appropriate."


    This information is for guidance purposes only and should not be regarded as a substitute for taking legal advice. Please refer to the full terms and conditions on our website.

    < Go back

    Print Friendly and PDF
    Register to receive regular updates via email.