How we use DBS related data

How we use, store and dispose of DBS disclosure information.

Compliance with laws

The University uses the Disclosure and Barring Service (DBS) checking service to help assess the suitability of applicants for roles.

The University is fully compliant with the code of practice regarding the correct handling, use, storage, retention and disposal of certificates and certificate information.

The University is also fully compliant with its obligations under the Data Protection Act 2018 and other relevant legislation pertaining to the safe handling, use, storage, retention and disposal of certificate information and has a written policy on these matters. This is available to those who wish to see it on request.

The University will ensure that any body or individual, at whose request applications for DBS certificates are counter-signed, has such a written policy and, if necessary, will provide a model policy for that body or individual to use or adapt for this purpose.

In accordance with section 124 of the Police Act 1997, certificate information is only passed to those who are authorised to receive it in the course of their duties. The University maintains a record of all those to whom certificates, or certificate information has been revealed and it is a criminal offence to pass this information to anyone who is not entitled to receive it.


Personal data provided for the purposes of DBS and disclosure information itself will only be used for the specific purpose for which it was requested and for which the applicant’s full consent will have been obtained.

DBS checks are conducted via a verification site (Verifile). Candidates applying for roles requiring a DBS check, or staff requiring a recheck, will be sent a link to complete the relevant check for their role online.


Once a recruitment (or other relevant) decision has been made, we do not keep certificate information for longer than is necessary. This is generally for a period of up to six months to allow for the consideration and resolution of any complaints or disputes. If, in exceptional circumstances, it is considered necessary to keep certificate information for longer than six months the University will consult the DBS about this and will give full consideration to the Data Protection and Human Rights of the individual before doing so. Throughout this time, the usual conditions regarding the safe storage and strictly controlled access will prevail. Verifile dispose of personal information once checks are completed. Read Verifile’s data privacy statement.


At the end of the retention period, the University will destroy any DBS disclosure information. DBS disclosure information will be kept securely while awaiting destruction. A record of the date of issue of a disclosure, the name of the subject, the type of disclosure requested, the position for which the disclosure was requested, the unique reference number of the disclosure and the details of the recruitment decision taken will, however, be securely stored for monitoring purposes.

Transgender staff members and applicants

Transgender individuals can contact the DBS for a sensitive check which does not reveal their gender identity history. All subjects of a DBS disclosure request will be made aware of the DBS Code of Practice.

DBS checks from previous employers

The University will accept portability of DBS checks which individuals may have from previous employers as proof of security clearance when all of the following apply:

For new staff, clearance must be in place before they start work.

For existing employees, clearance must be in place before starting any project or new role involving regulated activity.

DBS logo

The DBS logo is protected by crown copyright and use of the DBS logo is not permitted without prior approval of the DBS.