BrightHR’s Alan Price discusses the legal requirements for maintaining employee records and data according to GDPR.
Under current law, you must make sure that all personal data is kept secure, correct and up to date.
When you gather personal data, you must tell the individual who you are and how you plan to use their information, including if it’ll be shared with other companies.
You must also tell them of their right to access their information and request a change if it’s wrong, be removed or not used for certain purposes.
One of the most common questions about personal data in the workplace is how long you need to keep staff records. The answer to this will depend on whose data you’re keeping and how long you’ve stored it for already.
So, let’s find out how long you should keep records for current staff, former staff and job applicants.
How long should you keep current staff data?
GDPR doesn’t set out any minimum or maximum time limits for keeping staff data. But it does say that you shouldn’t keep personal data for longer than you need to.
The length of time you’ll keep data for will depend on the reason why you collected it. For example, if you collect an employee’s contact number to use in case of an emergency, it’s not necessary to keep this once the employee leaves.
You must decide how long it’s necessary to hold data. That said, there are legal requirements for you to follow.
Here are a few.
Working time records
Keep for two years from the date the records refer to.
Payroll records
Keep for three years from the end of the tax year that they relate to.
Maternity, paternity or shared parental pay records
Keep for three years after the end of the tax year that the payment stopped.
How long should you keep former staff data?
After an employee leaves, you shouldn’t bin their records right away. You might need them to defend yourself against a tribunal or court claim.
Generally, an employee can make a claim, to an employment tribunal within three months of their employment ending. But depending on the claim, the limit can be six months or longer.
If an employee claims that you’ve breached their contract, they might take you to the civil courts. They can do this within six years of the alleged breach.
As a result, you should keep personal data, performance appraisals and employment contracts for six years after an employee leaves.
Don’t forget, a former employee – or anyone you hold data on – might issue you with a subject access request (SAR) to see what data you have on them.
By Alan Price
Alan Price is the CEO at BrightHR and COO at the Peninsula Group. A version of this article was previously published on the BrightHR blog.
Find out how emerging tech trends are transforming tomorrow with our new podcast, Future Human: The Series. Listen now on Spotify, on Apple or wherever you get your podcasts.