The Data Protection Act 2018 applies to personal information - data about living, identified or identifiable individuals, including information such as names and addresses, bank details, and opinions expressed about an individual.
There are six data protection principles. Information should be:
- lawfulness, fairness and transparency - you must process personal data that you collect on individuals in a lawful, fair and transparent manner
- purpose limitation - you must only collect personal data for a specific, explicit and legitimate purpose and you must clearly state what this purpose is and only hold the data for as long as necessary to complete that purpose
- data minimisation - you must ensure that personal data you process is adequate, relevant and limited to what is necessary in relation to your processing purpose
- accuracy - you must take every reasonable step to update or remove data that is inaccurate or incomplete and individuals have the right to request that you erase or rectify erroneous data that relates to them
- storage limitation - you must delete personal data when you no longer need it and timescales are dependent on your business' circumstances and the reasons why you collect this data
- integrity and confidentiality - you must keep personal data safe and protected against unauthorised or unlawful processing and against accidental loss, destruction or damage
The use of sensitive information - including information that might be disclosed during a criminal records check - is more tightly controlled. For further information, see ICO guidance on criminal offence data.
Guidelines to follow
There are some guidelines you should keep in mind in relation to pre-employment checks.
- only carry out checks which are necessary
- think carefully about the best point in the process to carry out the different checks
- where possible, only check the successful applicant
- let applicants know what checks will be made and how they will be carried out
- make sure that checks are carried out for a specific purpose
- only use sources which will reveal relevant information
- only rely on information that comes from sources you trust
- give the candidate the chance to explain if a check reveals adverse information about them
- if a third party is to be involved in the process - eg a previous employer not listed as a referee - let the applicant know
Any information you gather in the process of making your pre-employment checks must be kept securely and confidentially. Any information gathered must not be kept for longer than is needed for its legitimate purpose.
The candidate has the right to ask to see any information you hold on them which you must supply within one month of receiving the request. This information will be provided free of charge, however, where requests are manifestly unfounded or excessive you can charge a reasonable fee for the administrative costs of providing the information.
Structure your business
Name your business
Register your business
Choose your premises