Who does the BS7858:2019 Screening Standard apply to?

The BS7858:2019 Screening Standard applies to organisations who employ individuals in a secure environment to assist with risk assessment and to give a high level of confidence in the recruitment of these individuals.  Some insurers also require BS7858 as part of policy conditions, but they may have different requirements around the length of the employment screening period required.  The Screening Standard applies equally to all levels of employees whether part-time or full-time, temporary or permanent, Sole Traders and to all levels of Senior Management.

Will you actually contact my previous employers and referees?

Yes, if the screening service includes career history (i.e. BS7858, BPSS or the application requires you to enter previous employment history), we will contact all career contacts including previous employers and education departments (unless you have requested us not to) both orally and by written communication to verify the information you have provided us. As an example this may be to confirm a period of employment/unemployment or confirming a gap in the career history. This information may be shared with the referee’s you include in your vetting application form for confirmation.

Who will see my information and final report?

The data submitted by you will be viewed by your employer/sponsor company before they submit your application to us as part of their recruitment or compliance programme. Our Screening Officers will also view your data as this is required as part their screening role. The final report which includes all documents, application form, results, credit report, references etc. is sent to your employer or sponsor.

Why am I uploading my consent for the application?

As part of our process we only apply for your checks on your behalf and on behalf of your sponsor with your explicit consent. This consent is used to verify that we have permission to request data from our partners on your behalf.

What if I am unsure about signing my consent form?

Going through vetting can be sometimes stressful however we are not an investigation organisation we simply verify information you provide to us. If you have any concerns we recommend you speak to your sponsor organisation, you can also contact us for further information of the process we carryout.  You do not have to sign the consent form however we will not process your vetting application which may have implications relating to your sponsor.

What is a Subject Access Request (SAR)?

Individuals (e.g. employees) have a right to be informed by an organisation (e.g. their employer) whether or not it is processing personal data that relates to them and, if so, to be told:

  • What personal data it is being processed.
  • The purposes for which the personal data is being processed.
  • Who, if anyone, the personal data is disclosed to.
  • The extent to which it is using the personal data for the purpose of making automated decisions relating to the data subject and, if so, what logic is being used for that purpose.

Employers are required to respond to an SAR by providing, in an intelligible form, copies of the personal data and any information about the sources of the data.  There is currently a 30 calendar day time limit to respond to the request.

How long will you keep my data?

From 25th May 2018 in most cases we will keep your data approximately 28 days (subject to our audit and compliance requirements) after the service provision has been completed for that unit of work. The data will be deleted and/or nullified which will remove all but the core data including name, consent, customer name and submittal date will be retained.

What is the GDPR?

The General Data Protection Regulation is a new, European-wide law that replaces the Data Protection Act 1998 in the UK. It places greater obligations on how organisations handle personal data. It came into effect on 25 May 2018.

What is Staffvetting doing regarding GDPR?

Staffvetting has always taken data privacy and security practices very seriously. With the introduction of GDPR we have reviewed our systems, processes and procedures to ensure we were fully compliant by May 25, 2018. For example :

  • we have updated all of our electronic systems increasing data integrity, confidentiality and availability.
  • a new Data Processing Agreement which we and you agree to undertake from May 25, 2018 onwards.
  • updating our Privacy Policy to ensure our compliance in respect of the data we hold about you.
  • reviewing Staffvetting’s functionality to make Staffvetting more efficient for users who are subject to the GDPR.
  • making all our consents clearer and understandible.

What information does the GDPR apply to?

The GDPR applies to ‘personal data’, which means any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.

What data will you keep relating to me?

We are required to retain certain information for audit, legal and compliance purposes. The data retained will be your name, the customer name and consent data.

Why carry out BS7858 Screening?

This is to allow sufficient information to be obtained to enable organisations to make an informed decision on employing an individual in a secure environment.  It does not cover other processes such as Right to Work status or competency for the role.

Is there a requirement for periodic re-screening?

This would be up to the discretion of each individual Organisation. Someorganisations re-screen annually others re-screen every three years.

Can a Candidate pass their probation period pending the full screening being completed?

If the Candidate’s probationary period was 12 weeks and their full screening had not been completed within this time, they would not be able to continue working.  The decision around their probationary period would be an internal HR issue, but if the screening cannot be completed they would not be fully screened to BS7858 and therefore would not be allowed to continue in employment.

What happens if our Candidate leaves our employment and then returns to us again?

BS7858 Screening would need to be completed in full for the period in between leaving and returning.  The information in the previous screening file could be used, but if the previous screening was to the BS7858:2012 this may not be fully compliant with the changes within the new BS7858:2019 Screening Standard, therefore this would need to be reviewed.

Can our Organisation use a signed Acceptance of Risk as a way of accepting unverified periods in a Candidate’s history where they are unable to provide documentary evidence?

No, an Acceptance of Risk can only be used for the following 4 scenarios:

  • The applicant is an active Director of another Company
  • The applicant has County Court Judgement(s) to the value of over £10,000.00
  • The applicant has a Bankruptcy Order
  • Extending the allowed screening period by a maximum of a further 4 weeks to allow further information to be gathered

The standard of screening we carry out (BS7858:2019) identifies the above as potential ‘risks’ to Employers, and encourages further investigation prior to the offer of conditional employment, with an expectation that the applicant must make representation about the concern.  If an Organisation is satisfied that the applicant’s financial history does not constitute a risk, then an executive of the employing Organisation, having reviewed the documentation, signs to accept the risk.

The reasoning behind the Acceptance of Risk in cases of an active Directorship is to ensure there will be no conflict of interests prior to offer of employment.

With regards to the County Court Judgement found following the Consumer Information Search Staffvetting are made not aware of the circumstances for the CCJ being issued, only the amount of the CCJ and the date of issue.