Become a member Call our safeguarding helpline

Model Handling, Use, Secure Storage, Retention and Disposal of Disclosures and Disclosure Information

General Principles 

As an organisation using the Disclosure and Barring Service (DBS) checking service to help assess the suitability of applicants for positions of trust, [Organisation Name] complies fully with the code of practice regarding the correct handling, use, storage, retention and disposal of certificates and certificate information. It also complies fully with its obligations under the General Data Protection Regulation (GDPR), Data Protection Act 2018 and other relevant legislation pertaining to the safe handling, use, storage, retention and disposal of certificate information and has a written
policy on these matters, which is available to those who wish to see it
on request.

Storage and Access 

Certificate information should be kept securely, in lockable, nonportable, storage containers with access strictly controlled and limited to those who are entitled to see it as part of their duties. Electronic disclosure information is held on a secure password protected system accessible only to those authorised to view it in the course of their duties


In accordance with section 124 of the Police Act 1997, certificate information is only passed to those who are authorised to receive it in the course of their duties. We maintain a record of all those to whom certificates or certificate information has been revealed and it is a criminal offence to pass this information to anyone who is not entitled to receive it.

To note: those registered care homes which are inspected by the Care Quality Commission (CQC), those organisations which are inspected by Ofsted and those establishments which are inspected by the Care and Social Services Inspectorate for Wales (CSSIW ) may retain the certificate until the next inspection.

Once the inspection has taken place the certificate should be destroyed in accordance with the code of practice.


Certificate information is only used for the specific purpose for which it was requested and for which the applicant’s full consent has been given.


Once a recruitment (or other relevant) decision has been made, we do not keep certificate information for any longer than is necessary, giving full consideration to the General Data Protection Regulation, Data Protection and Human Rights of the individual before doing so.

Throughout this time, the usual conditions regarding the safe storage and strictly controlled access will prevail.


Once the agreed retention period has elapsed, we will ensure that any DBS certificate information is immediately destroyed by secure
means, for example by shredding, pulping or burning. While awaiting destruction, certificate information will not be kept in any insecure
receptacle (e.g. waste bin or confidential waste sack).

For disposal of electronic certificate results, the system automatically deletes the result after six months.

Thirtyone:eight acting as an umbrella body

We accept that the Thirtyone:eight Disclosure Service, as our umbrella organisation, has a responsibility to ensure, as far as possible, that we
comply with all the requirements in the DBS Code of Practice, this and other policy statements, and in other DBS procedures and processes. We undertake to keep Thirtyone:eight informed of any changes in our organisation, personnel or practices which could materially affect our ability to work within these expectations.


Change Cookie Choices