[COMPANY NAME] — Appropriate Policy Document
Processing of criminal offence and special category data in connection with driver checks
Provider: [COMPANY NAME], [REGISTERED ADDRESS], company number [NUMBER]
Version: v1.0 — [DATE]
Document use: Internal policy document maintained under Schedule 1 Part 4 of the Data Protection Act 2018, governing our processing of criminal offence data (endorsements, disqualifications) and any special category data obtained or held in connection with driver checks.
Review cycle: Annually, or earlier on material change.
Note for the company adopting this template: This template helps you meet the Appropriate Policy Document (APD) requirement under Schedule 1 Part 4 of the Data Protection Act 2018 when you process criminal offence data or relevant special category data in connection with driver checks. An APD is mandatory when you rely on certain Schedule 1 conditions (including paragraphs 10 and 12 of Part 2). Replace text in [SQUARE BRACKETS]. Delete this note before adopting. This template is provided as a practical starting point — it is not legal advice and you should review and adapt it to your circumstances, ideally with input from a data protection specialist.
1. Why this document exists
UK data protection law requires a documented policy where a controller relies on certain conditions in Schedule 1 to the Data Protection Act 2018 to process criminal offence data (Article 10 UK GDPR) or special category data (Article 9 UK GDPR). This is our Appropriate Policy Document under Schedule 1 Part 4.
It explains:
- the Schedule 1 condition(s) we rely on;
- the procedures we follow to comply with each of the UK GDPR Article 5 principles when processing this data;
- our policies on retention and erasure;
- where required, why the processing is in the substantial public interest.
2. Scope
This document applies to our processing of:
- Criminal offence data under Article 10 UK GDPR — specifically, the endorsements and disqualifications appearing in driver records we obtain through Driver Codes, and any records, decisions, or follow-up actions that include or refer to that data;
- Special category data under Article 9 UK GDPR — to the extent any health-related or other special category data appears in a driver record (for example, medical-restriction codes on a driving licence) or in records we hold in connection with driver compliance.
It does not apply to our other processing (for example, general HR records, payroll, or contractor management) unless those records also include the data covered above.
3. Schedule 1 condition(s) relied on
[CHOOSE THE OPTIONS THAT APPLY. DELETE THE OTHERS. YOU CAN RELY ON MORE THAN ONE.]
Option A — Employment, social security and social protection (Schedule 1 Part 1, paragraph 1). For drivers we employ directly, we rely on paragraph 1 of Schedule 1 Part 1. The processing is necessary for the purposes of performing our obligations and exercising our specific rights as an employer — including our duties under operator-licence rules, road traffic legislation, the Working Time (Cross-border Railway Services) Regulations 2008 / Working Time Regulations 1998 [DELETE WHICHEVER DOESN'T APPLY], and our duty of care to employees and the public.
Option B — Preventing or detecting unlawful acts (Schedule 1 Part 2, paragraph 10). For drivers we engage other than as direct employees, we rely on paragraph 10. The processing is necessary for the prevention or detection of unlawful acts — specifically our need to know whether drivers we engage are entitled to drive, are not currently disqualified, and do not have a record indicating ongoing or recent serious driving offences that would create a material risk of further unlawful conduct if we permitted them to drive on our behalf.
Option C — Regulatory requirements relating to unlawful acts and dishonesty (Schedule 1 Part 2, paragraph 12). We rely on paragraph 12 for processing necessary for the purposes of complying with — or assisting other persons to comply with — regulatory requirements that involve taking steps with a view to the detection of unlawful conduct. Specifically, our processing supports compliance with [LIST: e.g. operator-licence rules under the Goods Vehicles (Licensing of Operators) Act 1995; the Public Passenger Vehicles Act 1981; driver compliance obligations under the Road Traffic Act 1988; tachograph regulations; etc.].
4. Substantial public interest
[INCLUDE THIS SECTION IF YOU RELY ON OPTION B OR OPTION C. DELETE IF YOU RELY ON OPTION A ALONE.]
Paragraphs 10 and 12 of Schedule 1 Part 2 require that the processing is necessary for reasons of substantial public interest. We are satisfied that our processing meets this test for the following reasons:
- Road safety. Drivers operating on public roads who are not entitled to drive, who are currently disqualified, or whose record reveals serious driving offences present a tangible and well-documented risk to the public, to other road users, to themselves, and to passengers and cargo. Verifying entitlement and material conduct before and during a driving engagement is a recognised and proportionate response to that risk.
- Regulated sector. The road transport sector is regulated for these reasons. Our regulatory and operator-licence obligations cannot be met without lawful access to driver-compliance information. [WHERE APPLICABLE: We are the holder of an operator licence under the Goods Vehicles (Licensing of Operators) Act 1995 / Public Passenger Vehicles Act 1981.]
- Public safety and tort. A failure to verify driver entitlement and recent record exposes us, other road users, and our insurers to losses that public policy treats as a matter of substantial public interest under tort and motor-insurance regimes.
- Confidentiality and proportionality. The processing is limited to what is necessary for these purposes, restricted to authorised personnel, and retained only for as long as needed.
5. Compliance with Article 5 principles
| Principle | How we comply |
|---|---|
| Lawfulness, fairness, transparency | We process only on a lawful basis identified in our Workforce Privacy Notice. We provide that notice to drivers before their first check, identifying us as controller, the data we process, the purposes, and their rights. We do not use the data for purposes incompatible with those notified. |
| Purpose limitation | We use criminal offence and special category data only for the driver-compliance purposes set out in section 3. We do not re-use it for marketing, profiling for unrelated purposes, sharing with third parties for their own purposes, or other unrelated activities. |
| Data minimisation | We obtain only the information needed to verify driving entitlement and material conduct. We do not aggregate this data with unrelated personal information. We do not request fields from Driver Codes that we don't need for compliance purposes. |
| Accuracy | We rely on DVLA-sourced data via Driver Codes, which is the authoritative source. We re-check at risk-based intervals appropriate to role. We correct or update our records promptly when notified of a change. |
| Storage limitation | See section 6. |
| Integrity and confidentiality | Access is restricted to named individuals with a documented role-based need. Records are stored within our access-controlled systems with appropriate technical and organisational measures. Material actions (access, export, deletion) are logged. |
| Accountability | We maintain this APD, our Record of Processing Activities, our Legitimate Interests Assessments (where applicable), and our wider data protection policies. We review compliance with this document at least annually. |
6. Retention and erasure
We retain criminal offence and special category data only as long as necessary for the purposes set out in section 3.
| Category | Retention | Trigger for erasure |
|---|---|---|
| Active driver check results | Duration of engagement, plus [PERIOD] | Engagement ends + retention period elapses |
| Records of driving incidents that informed an employment, contractor or insurance decision | [PERIOD — typically 6 years] | Limitation period for relevant legal claims expires |
| Exported reports stored in [HR / fleet system] | In line with that system's retention rules | As above |
[ADJUST TABLE TO MATCH YOUR ACTUAL RETENTION SCHEDULE.]
On expiry of a retention period we delete or anonymise the data, except where we are required to retain it for the establishment, exercise or defence of legal claims, where another legal obligation applies, or where the data subject has asked us to keep it.
7. Access, training and monitoring
- Access to criminal offence and special category data is granted only to named individuals with a documented role-based need.
- Authorisation and review of access is recorded.
- All individuals with access receive data protection training on induction and at least [FREQUENCY — usually annually] thereafter, including specific training on the sensitivities of criminal offence data and the lawful-purpose limits we operate within.
- We log material actions (access to records, exports, deletions) and review logs periodically.
- Suspected misuse triggers an internal investigation under our wider information security policy.
8. Data subject rights
Data subjects have the rights described in our Workforce Privacy Notice. Where a rights request relates to criminal offence or special category data covered by this APD, we apply additional care:
- We verify identity rigorously before disclosing under a subject access request.
- We engage promptly with objections (UK GDPR Article 21) and apply the override test carefully — a driver's objection is honoured unless we can demonstrate compelling legitimate grounds.
- We do not erase data the retention of which is needed for the establishment, exercise or defence of legal claims, but we explain our reasoning to the data subject.
9. Sharing
We share data covered by this APD only as set out in our Workforce Privacy Notice. Any new recipient or sharing purpose triggers a review against this APD and (where required) a Data Protection Impact Assessment.
10. Review
This document is reviewed annually and on material change of our processing, our regulatory environment, or our operations. Reviews and changes are recorded in section 11.
11. Document control
| Version | Date | Reviewer | Change |
|---|---|---|---|
| v1.0 | [DATE] | [NAME / ROLE] | Initial issue |
12. Authorising signature
This document is approved by:
| Name | [NAME] |
| Role | [ROLE] |
| Date | [DATE] |
| Signature | _________________ |