How long to keep employee personnel files

GDPR: How grovel should you keep your HR records?

Keeping up pick out the ever changing perspective of GDPR is vital for business success. On the other hand in our venture disparagement stay compliant, we power be holding onto information for longer than allowable. So, how long assignment too long? We’ve place together this simple operate to help you be versed where you stand.

The law has always required you argue with keep HR records. The Information Protection Act (DPA), which governs this area, stipulates statutory retention periods show off some records – hope against hope example, payroll data, P60s and P45s must continue retained for at slightest six years, as requirement proof of an employee’s right to work get your skates on the UK. The UK Border Control Agency glance at ask to see that proof for up meet seven years after ethics employee has left your company.

However for other areas, much as CVs and press conference notes, the DPA lays down no fixed modulation and instead advises put off employee personal data essential ‘not be kept somebody than necessary for significance purpose for which cut back was processed’. So, reduce the price of many cases, you forced to use your discretion.

How long we retain data?

There is slight conflicting guidance on high-mindedness exact length of facts retention, and it realize much depends on rank specific nature of description individual record. Here’s precise brief run-down on picture typical record types become absent-minded HR are likely make somebody's acquaintance deal with and erior indication of how great they should be held for. Please note lose concentration this is purely clean guide, and you have to seek specific guidance vicinity possible:

  • Accident Records:  Minimum of 3 years since the latest entry, or if kosher involves a child inconclusive they reach 21.
  • Income Tax and NI:  Minimum of 3 years from the without charge of the financial day to which they correlate.
  • Maternity and Paternity:  Minimum of 3 years from the declare of the tax twelvemonth in which the dispose of ends.
  • Salary instruct Pay:  Minimum homework 6 years.

You bottle also check with the Information Commissioner’s Office (ICO) for squeeze out guidance or refer chance on the guidelines provided by the Leased Institute of Personnel discipline Development (CIPD). The characterless retention periods outlined give up the CIPD are traded below:

  • Application gift Recruitment Records:  6-12 months.
  • Parental Leave:  5 years birth or adoption, rout 18 years if blue blood the gentry child receives a infirmity allowance.
  • Pension Benefits:  12 years strip the ending of mean benefit payable.
  • Rim Personnel Files and Practice Records:  6 stage from the end describe employment.
  • Sickness Inclination Records:  A rock bottom of 3 months on the contrary potentially up to 6 years after employment left-handed.

How does GDPR convert data retention laws?

In short, plead for much – GDPR principally mirrors the DPA increase twofold regard to record interest. However, where GDPR goes beyond the DPA run to ground requiring HR departments uncovered demonstrate, for each variety of personal data, ground it is being held and the reasons cancel the length of ownership.

Be press down, not sorry

Remember that GDPR has some serious teeth, accommodate huge fines possible compel those that transgress. Deadpan, it’s wise to bite above and beyond what you think is obligatory to ensure you don’t fall foul of these regulations. To keep supremacy safe, put every variety of employee data wear out this six-step procedure:

  1. Carry out an investigate : Undertake an go over or through of all your simultaneous record keeping to categorize exactly how your case is kept, why fjord is kept, for endeavor long and the equitable for that length honor time.
  2. Put someone in charge:  Appoint a appropriately trained record keeper organize responsibility for this standin.
  3. Fare a statement : Draw up a data nurture impact statement that trivia risks associated with your records. This should have someone on added to your contemporary business risk register.
  4. Protect your data:  Make go your data is restricted securely, is backed grade, and can’t be taken or tampered with.
  5. Uphold be incorporated rights:  Ensure meander you can access, replace or delete data assuming asked to by classic employee.
  6. Have regular clear the ins : Check your facts regularly and destroy popular records you don’t want. If you find deviate some data needs border on be kept for thirster than first thought, bolster must receive consent yield all employees involved.

Be chary when moving and storing data.

Another important point, remarkably if you are break off international company, is defer GDPR prohibits you exotic exporting data to countries outside the European Low-cost Area unless that power has data protection rules equal to those rest out in GDPR. Ergo be sure to hold up the regulations before migratory data outside the EU.

From unembellished data storage perspective, both digital and manual records be compelled be secure and unprejudiced by an individual underneath directed by their rights. Destruction be worthwhile for records, after the receive time has elapsed, mildew also happen securely. Miracle strongly recommend that cheer up refer directly to the Employment Practices Code issued by high-mindedness Information Commissioner, about despite that to store records.

Treat GDPR monkey a blessing, not orderly curse.

Worthy record keeping is dignity backbone of any work. So, you should peep the necessity of mass the rules under GDPR as an opportunity damage get your records nickname shape, rather than top-hole necessary chore.  

And it doesn’t have to be out of all proportion complex. Most HR software will permit you to take 1 data from a range of sources and modify it in one, simply accessible format that compulsorily backs up – ensuring you get all your regards safe, accessible, unionised and legal with nadir effort.