Pseudonymising DBS Enhanced Certificates – UK GDPR-compliant anonymisation per Police Act 1997 s.113B
A DBS Enhanced certificate issued under Police Act 1997 s.113B includes all Standard certificate content plus additional police-held suitability information considered relevant by the chief constable. anonym.legal pseudonymises the subject's personal identifiers across both the standard conviction data and the locally-held intelligence section, enabling reviewers to assess suitability without unnecessary personal-data exposure.
When this applies
This task applies when a DBS Enhanced certificate is reviewed by safeguarding leads, HR professionals, or legal advisers in regulated sectors — such as education, healthcare, or childcare — who require sight of both conviction data and police suitability information but not the subject's personal identifiers.
How anonym.legal handles it
- Upload the DBS Enhanced certificate to anonym.legal.
- The engine identifies and pseudonymises the subject's name, date of birth, address, and DBS reference number in the certificate header.
- Conviction and caution entries are preserved with their offence descriptions, dates, and sentencing outcomes in clear text.
- Any locally-held police suitability information in the enhanced section is preserved; the subject's personal identifiers within that section are also pseudonymised.
- A reversible mapping table is generated with UK data residency.
- The pseudonymised certificate is released for safeguarding or HR review; the original is restored via the mapping key before any formal suitability decision.
What you provide
- DBS Enhanced certificate (PDF or high-quality scan)
- Role description and regulated-activity category (to contextualise the review)
Limitations & cautions
- The pseudonymised certificate must not be used as the basis for a formal regulated-activity suitability decision — the original must be referenced.
- Police suitability information in the enhanced section may itself identify third parties; the tool pseudonymises the subject's data but reviewers should apply professional judgement to third-party references.
- The tool does not advise on the legal threshold for relevance of locally-held police information — obtain specialist safeguarding or legal advice.
FAQ
Does the enhanced certificate's police suitability section require special handling under UK GDPR?
Yes. Information in the enhanced section constitutes criminal-conviction data under UK GDPR Art. 10 and is processed under DPA 2018 Part 3 (law-enforcement regime) where competent authorities are involved. anonym.legal applies pseudonymisation to the subject's identifiers in both sections under a consistent framework.
Can I use the pseudonymised enhanced certificate for a barred-list check cross-reference?
No. Barred-list checks require the real identity of the subject. The pseudonymised certificate is for reviewing the scope of disclosed conviction and suitability information only.
How does the engine handle third-party names mentioned in the police suitability section?
Third-party names in the suitability section that can be identified as natural persons are flagged for review. You can elect to pseudonymise them in addition to the subject's data.
Is Police Act 1997 s.113B the only provision for enhanced certificates?
Section 113B is the principal provision for enhanced criminal record certificates. Section 113BA provides for additional suitability information relating to children and vulnerable adults — that variant is also supported by this workflow.