Rules for Retaining Employee Data

Guidance Note: Managing the Retention of Employee Data


The General Data Protection Regulation (GDPR) came into effect on 25 May 2018. Under the GDPR, employers are required to be transparent about their data retention policies and procedures and the penalties for non-compliance are much greater than was the case under the Data Protection Act.

Under GDPR, the requirements relating to the retention of personal data are very similar to those which applied under the Data Protection Act. As before, it is a key requirement that personal data should only be retained for as long as there is a clear business need for it and it should be securely destroyed (e.g. by shredding) after that period has passed.

This guidance note provides a non-exhaustive list of the type of records that should be retained for different categories of employee data and also provides details of the minimum retention times for keeping each set of employee data.

Information is provided on the following groups of employee data:

1. Salary Records and Deductions
2. Incapacity for Work
3. Working Time
4. National Minimum Wage
5. Absence during Pregnancy and Statutory Maternity Pay (SMP)
6. Statutory Paternity Pay, Statutory Shared Parental Pay and Statutory Adoption Pay
7. Employee HR Files
8. Job Applications
9. Accident Records

Once you have subscribed to the appropriate document folder click on the “Download Document” button. You will be asked what you want to do with the file. It is recommended that you save the document to a location of your choice prior to viewing.