Personal information charter

Our personal information charter summarises what you can expect from us in regards to your personal information.


The General Data Protection Regulation (GDPR) and the Data Protection Act 2018 govern the processing of personal data held on individuals.

Disclosure and Barring Service Privacy Statement

The Disclosure and Barring Service (DBS) is fully committed to complying with GDPR and the Data Protection Act 2018. When handling your personal data, the DBS will:

  • make sure you know why we need this information
  • only ask for information that we need
  • ensure only those appropriate have access to it
  • store your information securely
  • inform you if the information will be shared with a third party
  • ask you to agree to us sharing your information where you have a choice
  • only keep your information for as long as we need to

These principles apply whether we hold your information electronically or on paper.

The DBS Privacy Policies explain your rights as a DBS customer under GDPR, in relation to our statutory functions. The policies explain why we need your personal data, what we do with it and what you can expect from us in terms of data protection.

The DBS carries out privacy impact assessments for any new or changed services provided to you as a customer. This process helps the DBS to identify, assess and reduce any risks relating to your privacy when using our services.

Subject access

A subject access request to the DBS will provide you with a copy of information we hold about you. This could be information that has been obtained if you have been through the disclosure service, or if you have been referred to the barring service. Exemptions may apply.

The DBS doesn’t own the Police National Computer (PNC) record of convictions. The police own and maintain all information on the PNC. To obtain a copy of the records they hold about you, please contact the police.