DBS Check Consent Form (UK)
Disclosure and Barring Service — Application Consent and Privacy Notice
Date: [Form Date]
REQUESTING ORGANISATION:
[Organisation Name]
[Org Address], [Org City], [Org Postcode]
HR Contact: [Org Contact]
APPLICANT:
Full name: [Applicant Name]
Date of birth: [Applicant DOB]
Current address: [Applicant Address]
Email: [Applicant Email]
1. PURPOSE OF THIS FORM
This form sets out the consent of [Applicant Name] (the "Applicant") for [Organisation Name] (the "Organisation") to apply for and receive the results of a Disclosure and Barring Service ("DBS") check in connection with the following role:
Role: [Role Name]
Duties: [Role Description]
The Organisation is requesting [Check Type] in respect of [Workforce Type].
The DBS is an executive agency of the Home Office established under the Protection of Freedoms Act 2012 to carry out disclosure and barring functions previously undertaken by the Criminal Records Bureau (CRB) and the Independent Safeguarding Authority (ISA). DBS checks are conducted under Part V of the Police Act 1997 and the Safeguarding Vulnerable Groups Act 2006.
2. REHABILITATION OF OFFENDERS ACT 1974
The Rehabilitation of Offenders Act 1974 ("ROA") provides that certain criminal convictions become 'spent' after a rehabilitation period and need not be disclosed in most circumstances. However, under the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975 (as amended by the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975 (Amendment) (England and Wales) Order 2013), specified roles in areas including healthcare, education, childcare, and regulated activity with vulnerable adults are exempt from the protections of the ROA.
For the role specified above, the Applicant may be required to disclose spent convictions, cautions, reprimands, and final warnings that would otherwise be protected under the ROA, to the extent required by the level of DBS check specified in clause 1 above and applicable legislation. The Applicant should be aware that certain minor convictions and cautions are now filtered and will not appear on a DBS certificate, in accordance with the DBS filtering rules following the Supreme Court's decision in R (P and A) v Secretary of State for the Home Department [2019] UKSC 3.
If the Applicant wishes to self-disclose any relevant convictions, cautions, or other information in advance of the DBS certificate being issued, they should do so in writing to [Org Contact] [Self-Disclosure Deadline].
3. DATA PROTECTION AND PRIVACY NOTICE (UK GDPR / DATA PROTECTION ACT 2018)
The Organisation is required under the UK General Data Protection Regulation (UK GDPR) as incorporated into domestic law by the Data Protection Act 2018 ("DPA 2018") to inform the Applicant about the processing of their personal data, including criminal records data disclosed in the DBS certificate.
3.1 Data Controller
The data controller is [Organisation Name], [Org Address], [Org City], [Org Postcode]. Any queries about the processing of your personal data should be directed to [Org Contact].
3.2 Categories of Data Processed
The Organisation will process the following personal data in connection with the DBS check: (a) identification data (name, date of birth, addresses for the last 5 years, identity documents); (b) criminal records data disclosed in the DBS certificate (convictions, cautions, reprimands, final warnings, and, where applicable, barred list status); and (c) any information voluntarily disclosed by the Applicant in advance of the DBS certificate being issued.
3.3 Lawful Basis for Processing
The lawful basis for processing personal data under Article 6 of the UK GDPR is [Gdpr Basis]. The processing of criminal records data (a special category under Article 10 of the UK GDPR) is authorised by [Schedule1 Condition] of Schedule 1 to the DPA 2018 and the DBS Code of Practice issued under section 122 of the Police Act 1997.
3.4 Use of DBS Certificate Information
The information disclosed in the DBS certificate will be used by the Organisation solely for the purpose of assessing the Applicant's suitability for the role specified above, in accordance with the Organisation's safer recruitment policy and the DBS Code of Practice. The Organisation will not use the DBS certificate information for any other purpose.
3.5 Retention
In accordance with the DBS Code of Practice and the Organisation's data retention policy, the Organisation will retain a record of the DBS certificate reference number, the date of issue, and the level of check carried out for a period of [Retention Period]. A copy of the DBS certificate itself will not be retained by the Organisation beyond a maximum of 6 months from the date of issue, unless specifically required to do so by law.
3.6 Applicant Rights
The Applicant has the following rights under the UK GDPR: (a) the right of access to personal data held about them; (b) the right to rectification of inaccurate data; (c) the right to erasure in certain circumstances; (d) the right to restrict processing; and (e) the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk. Requests to exercise these rights should be directed to [Org Contact].
4. RIGHT TO CHALLENGE DBS CERTIFICATE INFORMATION
If the Applicant believes that any information disclosed on the DBS certificate is inaccurate or should have been filtered under the DBS filtering rules, the Applicant has the right to dispute the information directly with the DBS. Details of the DBS disputes process are available at gov.uk/dbs-check-applicant-guidance. The Organisation will take reasonable steps to ensure that the Applicant is given the opportunity to review their DBS certificate before any employment or engagement decision is made on the basis of its content.
5. APPLICANT'S CONSENT AND DECLARATION
I, [Applicant Name], confirm that:
- I consent to [Organisation Name] applying for and receiving the results of [Check Type] as described in this form.
- I have read and understood this Consent Form and the Privacy Notice at clause 3 above.
- I consent to my personal data, including criminal records data disclosed in the DBS certificate, being processed by [Organisation Name] for the purposes described in this form and in accordance with the DPA 2018 and UK GDPR.
- I understand that the information disclosed in my DBS certificate may be used to assess my suitability for the role specified above.
- I understand that I have the right to challenge any information disclosed on my DBS certificate through the DBS disputes process.
- I understand that I may have an obligation to disclose relevant information in advance in accordance with clause 2 above.
- The information I have provided on this form is accurate and complete to the best of my knowledge.
This form is governed by the laws of England and Wales. The processing of personal data is governed by the Data Protection Act 2018 and UK GDPR as applicable in England and Wales.
APPLICANT'S SIGNATURE
Signed: ______________________________
Full name: [Applicant Name]
Date of birth: [Applicant DOB]
Date: ______________________________
FOR ORGANISATION USE:
Received by: ______________________________
On behalf of: [Organisation Name]
Date received: ______________________________
DBS application reference: ______________________________
Applicant
________________
Signature
Date: ________________
Organisation Representative
________________
Signature
Date: ________________
What Is a DBS Check Consent Form (UK)?
A DBS Check Consent Form in the United Kingdom gives written permission for a specific act and records the scope and limits of the consent provided, as regulated by the Protection of Freedoms Act 2012.
The Disclosure and Barring Service (DBS) is an executive agency of the Home Office established under the Protection of Freedoms Act 2012 to consolidate the criminal records disclosure functions previously performed by the Criminal Records Bureau (CRB) and the Independent Safeguarding Authority (ISA). The DBS issues disclosure certificates under Part V of the Police Act 1997 at four levels: Basic, Standard, Enhanced, and Enhanced with Barred List check.
DBS checks are not available for every role. The level of check that can be requested for any given position is determined by whether the role falls within the scope of the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975 (as amended), and whether it constitutes 'regulated activity' with children or vulnerable adults under the Safeguarding Vulnerable Groups Act 2006 (as amended by the Protection of Freedoms Act 2012). Requesting a DBS check at a level not appropriate for the role is a criminal offence under section 123 of the Police Act 1997.
Our UK DBS Check Consent Form template is drafted in compliance with the DBS Code of Practice (issued under section 122 of the Police Act 1997), the UK GDPR, the Data Protection Act 2018, and the Rehabilitation of Offenders Act 1974. It includes a full privacy notice, an explanation of the applicant's rights, and a clear consent declaration.
The legal framework governing the DBS Check Consent Form (UK) in United Kingdom draws on several key statutes and regulatory bodies. Under the Employment Rights Act 1996, the Employment Tribunal adjudicates workplace disputes. Section 94 of the Employment Rights Act 1996 provides the right not to be unfairly dismissed. The Advisory, Conciliation and Arbitration Service (ACAS) provides early conciliation under Section 18A of the Employment Tribunals Act 1996. The UK GDPR and Data Protection Act 2018 govern personal data handling. HM Revenue and Customs (HMRC) administers PAYE and National Insurance contributions under the Income Tax (Earnings and Pensions) Act 2003. Parties executing a DBS Check Consent Form (UK) in United Kingdom should confirm the document reflects current law, including any amendments enacted since the original drafting date. The Employment Rights Act 1996 sets the foundational requirements.
When Do You Need a DBS Check Consent Form (UK)?
A DBS Check Consent Form is required in England and Wales whenever an organisation wishes to apply for a DBS certificate in respect of a prospective or existing employee, volunteer, contractor, or trustee. The consent and privacy notice requirements arise under the UK GDPR and the DBS Code of Practice, both of which require that the applicant be informed about and consent to the processing of their criminal records data before the DBS application is submitted.
DBS checks are most commonly required in sectors involving contact with children or vulnerable adults, including: schools, nurseries, and childcare settings (where an Enhanced DBS check with Barred List is typically required for all staff in regulated activity); adult social care providers, care homes, and domiciliary care agencies; NHS trusts and private healthcare providers; voluntary organisations and charities working with children or vulnerable groups; religious organisations running activities for children or young people; sports clubs and leisure facilities with junior or vulnerable adult members; and licensed premises requiring a personal licence under the Licensing Act 2003.
A Basic DBS check is appropriate for any role where the employer wishes to verify that the applicant does not have relevant unspent convictions, and is available even where the role is not exempt from the Rehabilitation of Offenders Act 1974.
Organisations must not request a DBS check at a higher level than is permitted for the role, as this constitutes a criminal offence. The DBS eligibility guidance (available at gov.uk/government/publications/dbs-check-eligible-positions-guidance) should be consulted before deciding the appropriate level of check. Umbrella bodies can also assist in determining eligibility.
Parties in United Kingdom should prepare a DBS Check Consent Form (UK) proactively rather than waiting for a dispute to arise. Courts interpret agreements based on the written terms rather than oral representations. Under the Employment Rights Act 1996, the Employment Tribunal adjudicates workplace disputes. Section 94 of the Employment Rights Act 1996 provides the right not to be unfairly dismissed. The Advisory, Conciliation and Arbitration Service (ACAS) provides early conciliation under Section 18A of the Employment Tribunals Act 1996. The UK GDPR and Data Protection Act 2018 govern personal data handling. HM Revenue and Customs (HMRC) administers PAYE and National Insurance contributions under the Income Tax (Earnings and Pensions) Act 2003. Where the transaction involves regulated activities, prior approval from the relevant authority may be required before execution.
What to Include in Your DBS Check Consent Form (UK)
A compliant DBS Check Consent Form for use in England and Wales must include the following essential elements to satisfy the requirements of the DBS Code of Practice, the UK GDPR, and the Data Protection Act 2018.
The identification of the organisation and applicant establishes who is requesting and who is consenting to the DBS check. The organisation should be identified by its full registered name and address, and the applicant by their full legal name, date of birth, current address, and contact details. Date of birth is a mandatory field on the DBS application form.
The role description clearly identifies the position for which the DBS check is being requested, including a brief description of the duties, particularly any contact with children or vulnerable adults. This information is essential to justify the level of check requested and to demonstrate compliance with eligibility requirements.
The type of DBS check specifies whether a Basic, Standard, Enhanced, or Enhanced with Barred List check is being requested. The workforce category (children's, adults', or both) must be stated for Standard and Enhanced checks, as this determines which barred list(s) are searched.
The Rehabilitation of Offenders Act 1974 disclosure explains to the applicant whether the role is exempt from the ROA, and therefore whether they are required to disclose spent convictions or cautions. It should also explain the DBS filtering rules so that applicants understand which matters will not appear on the certificate.
The UK GDPR privacy notice is mandatory under Articles 13 and 14 of the UK GDPR and must specify: the identity of the data controller; the lawful basis for processing under Article 6; the Schedule 1 DPA 2018 condition for processing criminal records data; how the information will be used; the retention period; and the applicant's data subject rights including the right to complain to the ICO.
The consent declaration is a clear, unambiguous statement by the applicant consenting to the DBS check and to the processing of their personal data as described in the privacy notice. The declaration should also confirm that the information provided is accurate.
Additional compliance elements for a DBS Check Consent Form (UK) used in United Kingdom include: Under the Employment Rights Act 1996, the Employment Tribunal adjudicates workplace disputes. Section 94 of the Employment Rights Act 1996 provides the right not to be unfairly dismissed. The Advisory, Conciliation and Arbitration Service (ACAS) provides early conciliation under Section 18A of the Employment Tribunals Act 1996. The UK GDPR and Data Protection Act 2018 govern personal data handling. HM Revenue and Customs (HMRC) administers PAYE and National Insurance contributions under the Income Tax (Earnings and Pensions) Act 2003. Forms-legal.com provides this template as a starting point for United Kingdom-compliant documentation.
Cite this page
Reference this free template in an article, syllabus, or research note:
Forms Legal. (2026). DBS Check Consent Form (UK) (United Kingdom) [Legal document template]. Forms Legal. https://forms-legal.com/uk/employment/hr-forms/dbs-check-consent-form-uk
"DBS Check Consent Form (UK) (United Kingdom)." Forms Legal, 2026, https://forms-legal.com/uk/employment/hr-forms/dbs-check-consent-form-uk.
@misc{formslegal-dbs-check-consent-form-uk,
author = {{Forms Legal}},
title = {DBS Check Consent Form (UK) (United Kingdom)},
year = {2026},
howpublished = {\url{https://forms-legal.com/uk/employment/hr-forms/dbs-check-consent-form-uk}},
note = {Free legal document template. Based on Employment Rights Act 1996}
}Also available for these jurisdictions:
Frequently Asked Questions
The Disclosure and Barring Service (DBS) issues four types of certificate under Part V of the Police Act 1997, each revealing different information. A Basic DBS check (section 112 Police Act 1997) is available to any person or employer and discloses only unspent convictions and conditional cautions. It can be applied for by the individual or the employer and is available for any role. A Standard DBS check (section 113A Police Act 1997) discloses spent and unspent convictions, cautions, reprimands, and final warnings (subject to DBS filtering rules). It is available only for roles covered by the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975 — typically regulated professions such as legal, financial, healthcare, and certain licensing roles. An Enhanced DBS check (section 113B Police Act 1997) discloses the same information as a standard check plus any additional relevant information that a chief officer of police reasonably believes is relevant to the role. It is available for roles involving regulated activity with children or vulnerable adults, certain licensing decisions, and other specified purposes. An Enhanced DBS check with Barred List check adds a check against the DBS Children's Barred List and/or Adults' Barred List (maintained under Schedule 3 to the Safeguarding Vulnerable Groups Act 2006). It is available only for roles that constitute 'regulated activity' with children or vulnerable adults as defined by Schedule 4 to the Safeguarding Vulnerable Groups Act 2006 (as amended by the Protection of Freedoms Act 2012).
The Rehabilitation of Offenders Act 1974 (ROA) provides that certain criminal convictions become 'spent' after a specified rehabilitation period, and spent convictions need not be disclosed in most circumstances — for example, on a job application. Once a conviction is spent, the convicted person is treated as if they had never committed that offence for most purposes. However, the ROA specifically excludes certain types of employment from its protections. Under the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975, as amended, a wide range of occupations — including regulated healthcare roles, work with children, certain legal and financial roles, and any role involving regulated activity — are exempt from the ROA. This means that employers in these fields can ask applicants to disclose spent convictions, and applicants are legally required to do so. The criminal records disclosed on a Standard or Enhanced DBS certificate may therefore include spent convictions. However, the DBS filtering rules (introduced following R (T) v Secretary of State for the Home Department [2014] UKSC 35 and updated after R (P and A) v Secretary of State for the Home Department [2019] UKSC 3) mean that certain minor and old convictions and cautions are automatically filtered and will not appear on a DBS certificate even if the role is exempt from the ROA.
Criminal records data revealed by a DBS check constitutes special category data under Article 10 of the UK GDPR (incorporated into domestic law by the Data Protection Act 2018). Processing such data requires: (1) a lawful basis under Article 6 UK GDPR (typically Article 6(1)(b) for employment contracts or Article 6(1)(c) for legal obligations); and (2) a separate condition under Schedule 1 to the Data Protection Act 2018. The most commonly applicable Schedule 1 conditions for DBS processing are paragraph 1 (employment, social security, and social protection, where authorised by law) and paragraph 28 (safeguarding of children and individuals at risk). Organisations processing DBS information must comply with the DBS Code of Practice (issued under section 122 of the Police Act 1997), which requires: a written policy on the use of DBS information; restricting access to DBS certificate information to those who need to see it; not retaining a copy of the DBS certificate for more than 6 months; and providing the applicant with a copy of the organisation's policy on the use of disclosure information on request.
The DBS Update Service is an online subscription service that allows individuals to keep their DBS certificate up to date and enables registered organisations to perform free, instant status checks on existing certificates. The service is available for Standard and Enhanced DBS certificates only (not Basic certificates). An individual who subscribes to the Update Service can reuse their certificate for multiple roles without needing a new DBS application, provided the check level and workforce category are the same. Subscribing costs a small annual fee (currently free for volunteers). Employers and voluntary organisations that are registered with the DBS can use the Update Service to check whether a certificate is still current and whether any new information has been added since it was issued, without the need to process a new DBS application. This significantly reduces processing times and costs where staff change roles or move between employers. Individuals must subscribe within 30 days of the DBS certificate being issued to be eligible for the Update Service.
An employer is not automatically required to refuse to engage someone because their DBS certificate discloses a conviction or caution. The DBS Code of Practice requires employers to have a written policy on how they use DBS information and to treat all applicants fairly. The employer must consider the nature of the offence, the age of the conviction, the relevance of the offence to the role, and other relevant circumstances before making a recruitment decision. Refusing to engage someone on the sole ground of a spent conviction that should not have appeared on the certificate, or that is not relevant to the role, may give rise to a claim under the Rehabilitation of Offenders Act 1974 or the Equality Act 2010. However, there are roles in which the law requires specific action: employing a person who is on the DBS Children's or Adults' Barred List in regulated activity is a criminal offence under section 9 of the Safeguarding Vulnerable Groups Act 2006, and employing an individual barred from working with vulnerable groups is also an offence under section 11. Employers must therefore carry out an individualised assessment for each applicant whose DBS certificate discloses information.
An umbrella body (also called a registered body or a countersignatory) is an organisation that is registered with the DBS and is entitled to submit DBS applications on behalf of other organisations that are not themselves registered with the DBS. Only organisations that are registered with the DBS directly can process Standard and Enhanced DBS applications; organisations that are not registered must use a registered umbrella body to process applications on their behalf. Small employers, voluntary organisations, charities, and sole traders who do not process sufficient DBS applications to justify direct registration typically use an umbrella body. The umbrella body countersigns the DBS application form and is responsible for confirming to the DBS that the applicant is applying for a role that is eligible for the level of check requested. The umbrella body processes the application in accordance with the DBS Code of Practice and charges a service fee in addition to the DBS application fee. The employer remains responsible for the safeguarding decision.
This template is provided for informational purposes only and does not constitute legal advice. Laws vary by jurisdiction and change over time. Consult a qualified attorney for advice specific to your situation.Full disclaimer
Found an error? Let us knowRelated Documents
You may also find these documents useful:
Employment Contract (England & Wales)
Hiring someone in England or Wales? You are legally required to give them a written statement of employment particulars on or before their first day of work. Our UK Employment Contract template meets all requirements of the Employment Rights Act 1996 and covers working hours, salary, holiday entitlement, notice periods, pension auto-enrolment, confidentiality, and optional restrictive covenants. Download as PDF or Word in minutes.
Data Processing Agreement — UK GDPR (England & Wales)
Create a Data Processing Agreement (DPA) fully compliant with UK GDPR Article 28 and the Data Protection Act 2018 for England and Wales. This template covers all mandatory Article 28(3) processor obligations, ICO registration, sub-processor authorisation with prior notice, UK IDTA provisions for international transfers outside the UK, technical and organisational security measures under Article 32, personal data breach notification timelines, data subject rights assistance, DPIA support, audit rights with advance notice, and data deletion or return obligations. Includes controller ICO registration details, special category data provisions, and automatic termination with the principal services agreement. Governing law: England and Wales. Download as PDF or Word.
Consent Form (UK)
Create a general Consent Form for use in England and Wales. This versatile template covers medical consent, activity consent, data processing consent, photography consent, and research participation consent. Compliant with common law informed consent principles, the Mental Capacity Act 2005, the Children Act 1989, and UK GDPR Article 7. Includes risk and benefit disclosures, right to withdraw, capacity confirmation, parental consent for minors, and emergency contact information. Fill in the details and download as PDF or Word.