Are References Part Of Staff Vetting? UK Employer Guide To Safer Hiring

When you’re running a small business, hiring often happens fast. You’ve got shifts to cover, customers to serve, and a team that needs support. But making a “quick hire” without proper checks can turn into months of performance issues, workplace conflict, data protection headaches, or even safeguarding risks.

That’s where staff vetting procedures come in. And one of the most common questions we hear from employers is whether references are part of staff vetting procedures (and what you can realistically do if references are missing, vague, or raise concerns).

In this guide, we’ll break down how references fit into vetting, how to use them properly in the UK, and how to build a safer, more consistent hiring process that protects your business from day one.

What Are Staff Vetting Procedures (And Why Do They Matter)?

“Staff vetting procedures” is a broad term for the checks you carry out before (and sometimes shortly after) hiring someone. The goal is simple: reduce the risk of hiring someone who isn’t suitable, while treating applicants fairly and lawfully.

For a small business, vetting is usually about balancing:

• Speed (you need someone in the role),
• Safety (customers, staff, and operations),
• Legal compliance (especially immigration, data protection, discrimination), and
• Practicality (you don’t have the HR department of a big corporate).

Vetting often includes a mix of:

• Right to work checks
• Identity checks
• Employment history checks
• References
• Qualification checks (if relevant)
• DBS checks (if relevant)
• Health checks/medical questionnaires (only where lawful and necessary)

Just as importantly, vetting isn’t only about catching “bad” candidates. It also helps you hire confidently, set expectations clearly, and avoid misunderstandings about skills, start dates, notice periods, and conduct.

Are References Part Of Staff Vetting Procedures In The UK?

In most workplaces, yes - references are commonly part of staff vetting procedures, particularly where you’re hiring for roles involving:

• cash handling or financial responsibility
• access to confidential information
• supervision of junior staff
• lone working
• vulnerable customers or service users
• driving/company vehicles

So if you’re trying to build a safer hiring process, it’s reasonable to treat references as a standard step. In other words, it’s generally true that references are part of staff vetting procedures as a matter of good practice - even though the law doesn’t force every employer to take references in every scenario.

Are References Legally Required?

Usually, no. For most private sector roles, there’s no general legal requirement to obtain references.

However, in regulated or safeguarding-heavy environments (for example, some education or care settings), references may be an expected part of safer recruitment, alongside enhanced DBS checks and other checks. Even where not strictly required by law, they may be required by:

• industry regulators
• commissioning contracts
• insurance requirements
• internal safeguarding policies

What Can A Reference Actually Tell You?

A reference is typically most useful to confirm:

• job title and employment dates
• basic duties/seniority
• absence record (sometimes)
• whether there were disciplinary issues (sometimes, but often avoided)
• eligibility for rehire (sometimes)

Many employers only give a factual reference to reduce legal risk. That doesn’t mean references are pointless - it just means you should treat them as one piece of the vetting puzzle, not the whole picture.

Can You Make The Offer Conditional On References?

Yes. A common approach is to make a job offer conditional on satisfactory pre-employment checks, which can include references, right to work, qualifications, and DBS (where relevant).

This helps you stay flexible if:

• a reference doesn’t arrive
• the reference raises concerns
• the candidate’s employment history doesn’t line up

To avoid uncertainty, it’s smart to set this out clearly in your offer documentation and Employment Contract (or at least your offer letter).

How To Request And Use References Lawfully (Without Creating New Risks)

References feel “simple”, but they can trigger legal issues if they’re handled casually - especially around data protection, discrimination, and record-keeping.

1. Choose A Lawful Basis (And Be Transparent With Candidates)

Requesting and reviewing references usually involves processing personal data. In many cases, employers rely on a lawful basis such as legitimate interests (or taking steps at the candidate’s request before entering into a contract), rather than “consent” in the strict UK GDPR sense.

In practice, most employers still ask the candidate to provide referee details and confirm it’s OK to contact them. Be especially careful if you’re contacting a current employer. Many candidates don’t want their current workplace to know they’re job hunting, so you may want to:

• ask which referees can be contacted and when, and
• delay contacting a current employer until after an offer is made (still conditional on references).

2. Decide What You’re Actually Asking

If you send vague reference requests, you’ll get vague replies. A simple, consistent template helps.

Common reference questions include:

• Can you confirm the candidate’s job title and employment dates?
• What were their main duties?
• Were there any disciplinary findings relating to misconduct?
• Are you aware of any safeguarding concerns? (only if relevant to the role)
• Would you re-employ them?

Try to keep questions role-relevant and consistent across candidates applying for the same role, to reduce bias risk.

3. Handle Reference Data As Personal Data (UK GDPR)

A reference is personal data about the candidate (and sometimes includes personal data about other people too). That means you should treat it as part of your data protection compliance under the UK GDPR and the Data Protection Act 2018.

Practically, this means:

• Limit access to references (only those involved in hiring should see them).
• Store references securely (not in a shared inbox forever).
• Keep them only as long as needed (set a retention period).
• Be prepared for a subject access request (a candidate may ask for copies of their personal data you hold).

If you want a clearer sense of the employer angle on SAR compliance, subject access requests are worth getting familiar with early.

4. Be Careful With “Informal” References

Sometimes you’ll hear a hiring manager say: “I know someone who worked with them - I’ll just message them.”

Informal references create a few risks:

• you may not be able to verify the referee’s identity or relationship
• you may unintentionally collect irrelevant or discriminatory information
• you may struggle to justify the decision-making process later

If you use informal references at all, keep them tightly controlled and make sure your final decision is grounded in objective criteria (skills, experience, interview performance, verified checks).

5. Understand That References Can Be Refused

Plenty of businesses won’t provide detailed references, and some won’t provide any reference beyond confirming dates of employment. Some organisations refuse entirely, especially for policy reasons.

It’s also possible that a business may decline to provide a reference in a particular scenario - for example, if it risks being misleading or they simply don’t have enough information. If you want to understand the boundaries, it’s helpful to know when refusing a reference may come up.

From a hiring perspective, the key is to plan for this. If a reference doesn’t arrive, you can:

• request an alternative referee
• use other checks (employment history, qualification verification)
• extend probation (carefully, and only if your contract allows)
• proceed cautiously with clear performance management expectations

What Else Should Be In Your Vetting Checklist (Alongside References)?

Even though references are part of staff vetting procedures, they’re rarely enough on their own - especially for small businesses where one wrong hire can have an outsized impact.

Here are other checks to consider building into your process.

Right To Work Checks

UK employers have legal duties to prevent illegal working. A proper right to work check is one of the most important “non-negotiables” in vetting, because getting it wrong can lead to civil penalties and reputational damage.

Make sure your process is consistent, documented, and completed before employment starts (or in line with any permitted rules for remote checks, where applicable).

Role-Relevant Background Checks

Not every role needs the same level of checking. But where checks are justified, they can be a sensible part of safer hiring.

Depending on the role, you might look at options for background checks and how to do them in a way that stays fair and privacy-compliant.

DBS Checks (If Relevant)

If the role involves regulated activity or contact with vulnerable groups, DBS checks may be appropriate (and sometimes essential). The level of DBS check depends on the role.

A practical tip: don’t “over-check”. Asking for an enhanced DBS for a role that doesn’t justify it can create legal and trust issues. Always match the check to the role requirements.

Qualification And Professional Membership Checks

If you’re hiring someone where qualifications are central (for example, accounting, electrical work, or regulated healthcare services), it’s worth verifying:

• certificates and awarding institutions
• professional registration numbers
• right to use protected titles (where applicable)

Probation Periods (To Manage Risk After Day One)

Vetting happens before hire - but safer hiring doesn’t stop on the start date.

A well-drafted probation period gives you time to confirm that the person can actually do the job in practice, fits your team, and meets behavioural expectations.

To make probation meaningful, you’ll want:

• clear performance standards
• structured check-ins (for example at weeks 2, 6 and 10)
• documented feedback
• contract terms that allow you to extend probation if needed

Common Reference Pitfalls For Small Businesses (And How To Avoid Them)

References can reduce risk - but handled poorly, they can create new ones. Here are the issues we see most often.

Relying On References As “Proof” Someone Will Perform

Even a glowing reference doesn’t guarantee a successful hire. Some referees exaggerate. Some barely remember the candidate. Some only provide a factual reference. That’s why references should support (not replace) proper interviews, skills checks, and probation.

Inconsistent Vetting Between Candidates

If you vet some candidates heavily and others not at all, you increase the chance of:

• unconscious bias creeping into decisions
• complaints about unfair treatment
• difficulty defending your decision-making later

A simple fix is to create a written hiring checklist per role and apply it consistently.

Accidentally Collecting Sensitive Or Irrelevant Information

Sometimes referees volunteer information about health, family situation, or other personal matters. Treat this carefully. If it’s not relevant to the role, you generally shouldn’t factor it into your decision-making.

If you think you’ve received information that could create discrimination risk, it’s worth getting advice before you act on it.

Not Documenting Why You Made The Decision

If a candidate later challenges your decision (or if performance issues arise), you’ll want a clear record of:

• what checks were completed
• what the reference said (or didn’t say)
• how you assessed the risk fairly

This doesn’t need to be a 20-page HR file - but a short hiring note and a consistent checklist can go a long way.

Forgetting That Candidates May Request Their Reference Data

Because references are usually personal data, candidates may request access to it. While there are important limits and exceptions (including protections for third-party information, and the fact that referee identities can sometimes be withheld depending on the circumstances), you should assume at least some reference content may be disclosable and keep your process professional and defensible.

Key Takeaways

• References are part of staff vetting procedures as a matter of common UK hiring practice, even though references aren’t always legally required for every role.
• References are most useful when you request consistent, role-relevant information and treat them as one part of a wider vetting process.
• Use conditional offers so you can carry out checks (including references) before employment becomes fully confirmed.
• Handle references as personal data under UK GDPR and the Data Protection Act 2018, with secure storage, limited access, and sensible retention periods.
• Build a repeatable vetting checklist that also covers right to work checks, qualification verification, and (where appropriate) background/DBS checks.
• A well-structured probation period helps you manage the risks that references can’t fully predict.

If you’d like help tightening up your hiring process, employment paperwork, or staff vetting approach, you can reach us at 08081347754 or team@sprintlaw.co.uk for a free, no-obligations chat.