Aim of this guidance
This guidance is designed to help employers develop a policy that complies with the law and offers a fair chance to applicants with criminal records. It’s part of our practical guidance on developing your approach towards criminal records.
Although we provide suggestions for how you might go about each area, this guidance doesn’t include a template policy.
As a data controller, employers are accountable for demonstrating that processing is necessary. The need to process criminal records data will vary between employers, and will depend on the nature of your business, your values and culture. For that reason we think a policy should come from inside, rather than outside, the business. Instead, we provide guidance on legal obligations, principles of fair recruitment and a checklist of things to take into account.
Why develop a policy?
The GDPR requires any employer who wishes to ask about criminal records must have both a lawful basis under Article 6 and a condition of processing under Article 10 of the GDPR.
The DBS Code of practice requires employers who carry out DBS checks to have a policy in place for how you deal with applicants with a criminal record.
Having a clear, accessible policy is a principle of fair chance recruitment. Many people with criminal records don’t apply because of the shame and embarrassment they feel, even where their criminal record wouldn’t make them a risk. Others don’t apply for roles because they believe they will be unfairly discriminated against. Employers want to recruit the best person for the job and if your policy puts off talented applicants, you’ll be missing out.
A policy on processing criminal records should:
- Explain why it is necessary to collect criminal records
- Clearly set out your approach, so applicants and staff know what to expect
- Explain what needs to be disclosed and when
- Instil confidence in applicants that they’ll be treated fairly
Equality and diversity is all about treating people fairly. So it’s right to think of your approach towards applicants with a criminal record as part of your broader equal opportunities policy.
Some organisations include their approach to criminal records in their equality and diversity policy, but it can also exist as a standalone policy. Either way, a general statement in your equality and diversity policy can be useful. For example, you could say:
“We are committed to the fair treatment of our staff, potential staff and users of our services, regardless of race, gender, religion, sexual orientation, responsibilities for dependants, age, physical/mental disability or offending background.”
Although having a criminal record is not a protected characteristic under the Equality Act 2010, discriminating against this group can result in indirect discrimination – for example, some ethnic groups are more likely to be criminalised. Increasingly, employers are realising that diversity and inclusion is about more than ticking a box – it’s about making sure that your business benefits from the best talent, regardless of their background.
Organisations that work with children or vulnerable adults will have safeguarding policies and processes to ensure vulnerable people are protected from harm. This will normally include a focus on recruitment, induction and supervision, including what checks you carry out on new people who work or volunteer. For some roles in these organisations, asking about criminal records will be a legal obligation.
We recommend that organisations see their policy on applicants with a criminal records as one strand of their safeguarding approach. Unless a person is barred from working in regulated activity, there is no legal reason why you can’t employ them. Most criminal records will not make someone unsuitable for work with children or vulnerable adults. People in recovery, or those who have moved away from gangs, will often have a criminal record, but does that make them automatically unsuitable for work with others experiencing what they once were? Those who have turned their life around after a difficult past can often bring valuable skills and experience which should not be overlooked.
Focusing too heavily on formal vetting procedures can create a false sense of security. Safeguarding depends on training, oversight and responding to concerns. A blanket ban on people with a criminal record is not an effective approach to safer recruitment.
Sklls for Care have produced a guide to recruiting people with convictions for social care roles.
The GDPR provides individuals with rights over their data. The first of these is the right to be informed. Applicants should be made aware of what data you plan to collect, what you will use it for and how – and for how long – it will be stored. If you ask about criminal records, you should make sure that applicants are able to access this information from the outset.
Making your policy public shows the world that you are a transparent and fair-minded company. You may want to keep more detailed guidance for internal use only. You might want to consider how to communicate your policy to existing staff. For example, you could include a section in your staff handbook that explains that you employ people with criminal records, the benefits this can bring to the organisation, and what staff should do if they have any questions or concerns.
What makes a good policy
This section covers the areas that a policy should include, and suggests some text that might be appropriate.
A good policy is…
…clear and accessible
…welcoming and positive
“[Organisation] actively promotes equality of opportunity for all and welcomes applications from a wide range of candidates. [Organisation] recognises the contribution that people with criminal records can make as employees and volunteers and welcome applications from those with a criminal record. We select all candidates for interview based on their skills, qualifications and experience”
…realistic about risk
For example, you could say:
“Suitable applicants will not be refused posts because of offences that are not relevant to the role for which they are applying. We judge each case on its own merits and do not discriminate unfairly against any applicant on the basis of a conviction or criminal record information disclosed to us.”
…tailored to your business
…compliant with the law
For example, there are a couple of phrases that will make sure you don’t misinterpret disclosure legislation:
“We only ask applicants to provide details of convictions and cautions that we are legally entitled to know about”
“For roles where the Rehabilitation of Offenders Act applies, we will ask applicants to disclose any unspent offences. Spent convictions do not need to be disclosed.”
“For roles that are exempt from the Rehabilitation of Offenders Act, we will ask applicants to disclose any convictions and cautions that would not currently by filtered by the DBS.
…explains what, when and why you ask about criminal records
Your policy should explain what questions you ask about criminal records, and when you ask. This ensures that applicants know when they should (and shouldn’t) disclose, helping to reduce the chance that people disclose before or after you want them to. The DBS sample policy suggests asking “at interview, or in a separate discussion”. Adopting this wording exactly will still leave it unclear when you ask, or why. Organisations should have a specific process in place, and this should be noted in your policy.
The GDPR means you must explain the purpose and lawful basis for asking – in essence, why you’re asking. Our guidance for employers can help you identify a purpose and lawful basis.
For example, if you ask those you offer a position to, you could say:
“The successful candidate/s will be asked about relevant criminal records as part of pre-recruitment checks. If a relevant criminal record is disclosed we will ensure and open and fair discussion takes place before making a final offer. Failure to disclose information that is then later revealed on the relevant criminal record check could lead to withdrawal of an offer of employment. After receiving a criminal record certificate, we will discuss any matters revealed that have not been previously addressed, before reconsidering the conditional offer of employment. “
If you’ve signed up to the ‘Ban the Box’ campaign, you could say:
“We support ‘Ban the Box’. To ensure that we shortlist purely on merit, we don’t ask for criminal record details at application stage. What applicants are required to disclose will depend on the role that they are applying for. We will make it clear in the job description what type of role it is, and therefore what will need to be disclosed.”
…explains what checks you’ll do
“For those positions where a criminal record check is identified as necessary, all application forms, job adverts and recruitment briefs will make clear what level of check will be submitted on the individual being offered the position”
…explains the decision-making process
“For any information disclosed, cases will be looked on an individual basis, taking into account details such as;
- Whether it’s information we are legally allowed to consider
- Whether the offence is relevant to the position applied for
- The age at the time of the offence(s)
- The length of time since
- The circumstances surrounding the offence(s), and what has changed since
Any information disclosed will be treated in the strictest confidence. We will consider any information disclosed before confirming an offer of employment. If necessary, we may arrange a face-to-face discussion with the applicant to obtain further details. Failure to disclose relevant information when requested could result in disciplinary proceedings or dismissal.”
You can explain how you understand some of the concerns applicants may have and what steps you take in response. For example, you could say that:
“We take a positive approach to applicants with past criminal records”
“We ensure that all those involved in the recruitment process have received appropriate guidance and training in the legislation and practice of recruiting people with criminal records.”
“We ensure that all those who are involved in making suitability decisions based on an applicants’ criminal record have been trained to do so.”
…uses the right language
…provides an overview of the process and is consistent
…directs people to support
Provide a specific point of contact internally who can answer general questions about your policy. Provide details of external sources of support (such as Unlock’s information site) that can help give advice to people with a criminal record.
For example, you could say:
For positions covered by the Rehabilitation of Offenders Act 1974, we will ask applicants to disclose any unspent convictions. For guidance in answering this question, visit the Unlock information site which has useful information on this legislation.
For positions exempt from the Rehabilitation of Offenders Act 1974, we will ask applicants to disclose any convictions, cautions, reprimands or final warnings that would not be currently filtered by the Disclosure and Barring Service. For guidance in answering this question, visit the Unlock information site which has useful information on filtering.
…is reviewed and kept up to date
…complies with the DBS code of practice
If you do DBS checks as part of your recruitment process, you should comply with the DBS code of practice.
The code of practice (published under section 122 of the Police Act 1997) advises that registered bodies must:
- “Have a written policy on the suitability of ex-offenders for employment in relevant positions” (the DBS has produced the a sample policy statement which can be used or adapted for this purpose, although the problem with sample policies is partly why we have this guidance)
- “Notify all potential applicants of the potential effect of a criminal record history on the recruitment and selection process and any recruitment decision”
- “Discuss the content of the Disclosure with the applicant before withdrawing any offer of employment”
…complies with the GDPR/DPA 18
Examples of good practice
Do you know of a good policy? Let us know and we’ll look at featuring it here.
Examples of bad practice
To illustrate why this guidance is important, we’ve included some examples where practice could (and should) be improved.
- We regularly see reference to “the CRB” – this refers to the Criminal Records Bureau, which hasn’t existed since 2012. This alone indicates that a company hasn’t properly (or effectively) reviewed its policy in a while
- Many organisations simply take the DBS sample policy (which includes reference to “ex-offenders”) without tailoring it to their organisation to reflect their actual policy
Frequently asked questions
This section will be added to over time, responding to the common questions we receive about this guidance.
Help with updating your policy
This guidance should help you to work on your policy. We welcome organisations coming forward who are actively working on their policy to update it to reflect this guidance. We are happy to confidentially review draft policies that are in the process of being updated. Get in touch by emailing firstname.lastname@example.org.
The DBS sample policy is worth looking at, but use this as guidance instead of simply adopting that policy.
- There is more information about developing your approach to criminal records, which forms part of the practical guidance section of Recruit!
- For further advice about this guidance, please contact us.
Has this been useful?
You can let us know by:
- Writing a comment on this page (see below)
- Sending your feedback directly to us
- Emailing us at email@example.com
Is there anything wrong with this guidance? Let us know – email firstname.lastname@example.org.