As DPO for a UK company, I have received a concern that we do not collect consent before requesting references from previous employers.
We do make the potential employees aware that we are going to make checks using the references that they gave us, but we do not use consent as our legal basis for processing, as I do not feel it would be appropriate.
To be clear, we do not currently collect criminal offence data as part of this process.
What are your thoughts? Do you collect consent for this type of check?
Thanks in advance!