What is the legal protocol for UK companies to follow when conducting background checks on potential employees?

Navigating the world of employment can be daunting, especially when it comes to background checks. Background checks are becoming a standard practice in most companies in the UK, as they are seen as an effective way to ensure the safety and integrity of the workplace. But what is the legal protocol for these checks? What can employers look for, and what are they legally allowed to use in their decision-making process? In this article, we will delve deep into the legalities and protocols of conducting background checks for potential employees in the UK.

The Purpose of Background Checks

Before delving into the legalities, it's important to understand why background checks are conducted in the first place. A background check is a process a company or employer uses to verify an individual's identity, criminal record, employment history, and other data. This check serves to ensure that the potential employee is who they say they are and has the qualifications and experience they claim.

It also helps the employer assess any potential risk the candidate might pose. For instance, a background check can uncover a criminal history that might make the candidate unsuitable for the job. Particularly in roles that involve working with vulnerable groups, such as children or the elderly, these checks are vital for safeguarding purposes.

What Employers Can Check

Moving on, let's examine what employers can legally check when screening a potential employee. The Data Protection Act 2018 governs this aspect. Under this law, employers can check criminal records, employment history, credit history, and educational background, amongst other things.

However, it's crucial to note that employers can only check information that is relevant to the job role. For instance, a credit check might be pertinent for a role in finance, but not necessarily for a position in customer service.

Another important point is that employers must get the candidate's consent before carrying out most types of checks. This is especially the case for credit checks and obtaining references.

Criminal Record Checks

Criminal record checks are perhaps the most sensitive type of background checks. In the UK, there are three types of criminal record checks employers can request: Basic, Standard, and Enhanced DBS checks. The level of check required will depend on the job role.

A Basic DBS check will show any unspent convictions the candidate may have. Standard DBS checks show both spent and unspent convictions, cautions, reprimands, and final warnings, while Enhanced DBS checks include all the information in a Standard check plus any additional information held by local police deemed relevant to the role.

It's important to remember that having a criminal record does not automatically disqualify a person from employment. The employer must consider the nature of the offence, the time that has passed since the offence, and the relevance of the offence to the job role.

The Right to Work Checks

Every employer in the UK has a legal obligation to ensure their employees have the right to work in the country. This involves checking and verifying the candidate's documents, such as their passport or Biometric Residence Permit.

If the individual is a non-EEA national, employers will need to carry out more rigorous checks. For instance, they may need to verify the individual's immigration status and ensure they have the correct visa or work permit. Failure to conduct right to work checks can result in hefty fines for the employer.

Data Protection and Fair Processing

Finally, in conducting background checks, employers must adhere strictly to data protection laws. Under the Data Protection Act 2018, employers must ensure the information they gather is used fairly, stored safely, and not disclosed unlawfully.

To comply with fair processing requirements, employers must inform the individual of the purpose of the check and the type of data they will collect. The employer must also explain how long they will keep the data and who will have access to it.

In conclusion, conducting background checks in the UK is a legally complex process that requires careful consideration and adherence to various laws and regulations. From understanding the purpose of the checks and knowing what to check, to conducting criminal record and right to work checks and complying with data protection requirements, every step of the process must be carried out with diligence and care.

Social Media Screening and Other Checks

In a digital age where social media enjoys rampant popularity, employers are increasingly turning to these platforms to glean more information about prospective employees. The online activity of an individual can provide a wealth of information about their character, lifestyle, and values. However, this practice is in a legal grey area and precautions are necessary to avoid infringing on an individual's privacy rights.

While it is not illegal in the UK to check a candidate's public social media profiles, it is crucial to proceed with caution. Employers cannot make hiring decisions based on protected characteristics, such as race, religion, sexual orientation, or disability status, which might be inferred from social media content. Additionally, employers are not allowed to force candidates to disclose their social media passwords or to access private posts.

Another type of check that might be conducted is a health check. However, the Equality Act 2010 restricts employers from asking health-related questions before making a job offer, except in certain circumstances, for instance, to ascertain if the candidate can perform an essential function of the role. Employers must be mindful of their obligations under the Act, to avoid unlawful discrimination.

Reference Checks and Verifying Employment History

Reference checks can provide useful insights into a candidate's work ethic, performance, and suitability for the role. However, these checks should only be carried out with the candidate's consent. Under the Data Protection Act 2018, it is unlawful to process personal data without the individual's permission.

When verifying a candidate's employment history, employers can ask previous employers to confirm the candidate's role, length of employment, reason for leaving, and other specific details. However, this information must be relevant to the role in question.

It is important to be aware that false or misleading references can lead to legal consequences. If a reference is inaccurate or misleading and leads to a poor recruitment decision, the employer who provided the reference could face legal action. The potential employee could also face consequences if they have provided false information on their CV.


In essence, conducting background checks on prospective employees in the UK is a complex procedure governed by a myriad of laws and regulations. These range from criminal record and right to work checks, to data protection and fair processing mandates. The inclusion of social media screening and the verification of employment history also add to the complexity of these checks.

However, despite the complexities, these checks are essential for promoting a safe and robust workplace and for ensuring prospective employees are suitable and qualified for their roles. Employers must navigate this legal landscape with caution, ensuring compliance at every stage of the recruitment process.

Remember, the objective of background checks is not to invade an individual's privacy but to confirm their suitability for the role. As a rule of thumb, always seek the candidate's consent, use the data fairly, and ensure relevance to the role when conducting background checks.