Guidance Note: Managing the Retention of Employee Data
The General Data Protection Regulation (GDPR) came into effect on 25 May 2018 and, since the end of the Brexit transition period has been succeeded by the UK GDPR. The UK GDPR retains the EU GDPR in UK law with certain contextual amendments to make it work as domestic legislation. Under the UK GDPR, employers are required to be transparent about their data retention policies and procedures and the penalties for non-compliance are much greater than was the case under the old Data Protection Act regime.
The UK GDPR lays down requirements relating to the retention of personal data. It is a key requirement that personal data should only be retained for as long as there is a clear business need for it and it should be securely destroyed (e.g. by shredding or, if electronic, using a suitable secure deletion method) after that period has passed.
This guidance note provides a non-exhaustive list of the type of records that should be retained for different categories of employee data and also provides details of the minimum retention times for keeping each set of employee data.
Information is provided on the following groups of employee data:
1. Salary Records and Deductions
2. Incapacity for Work
3. Working Time
4. National Minimum Wage
5. Absence during Pregnancy and Statutory Maternity Pay (SMP)
6. Statutory Paternity Pay, Statutory Shared Parental Pay and Statutory Adoption Pay
7. Employee HR Files
8. Job Applications
9. Accident Records
Once you have subscribed to the appropriate document folder click on the “Download Document” button. You will be asked what you want to do with the file. It is recommended that you save the document to a location of your choice prior to viewing.