Blog Layout

Retaining Employee Data

Helen Durbin • Jun 10, 2022

Unsure about what you're allowed to keep and how long for? We're here to give you the lowdown on recommended best practice for retaining employee data.

Are you guilty of having employee paperwork saved to your desktop or a drawer full of CVs that you’ve never got around to dealing with? Storing individual’s data in this way could mean that you are breaching the GDPR guidance. The fines can be hefty so if this sounds like you, read on…….

 

Although the Data Protection Act (DPA) and General Data Protection Regulations (GDPR) do not expressly set out specific minimum or maximum periods for retaining employee data, it is crystal clear that data must not be kept any longer than is necessary for a legitimate purpose and it must not be excessive. 

 

The emphasis is on the employer (the data controller) to have systems in place to determine how long the data should be retained and when records should be destroyed so it’s vital that your business is adhering to the correct statutory retention periods for different document types in order to remain compliant. 

 

A lot of businesses now use HR software to house their employee data and this will often mean that you are compliant with the regulations. However, if you’re not using HR software (or even if you are, but you still have boxes of paperwork stacked in the corner or employee files saved on a shared drive) then now is the time to ensure that the records you hold comply with retention guidelines. 

 

How long should I store data for? 

 

If in doubt you should keep employee records for at least 6 years to cover the time limit for an individual to be able to bring any civil legal action, however the table below summarises the statutory retention periods for the different types of employee data. 


Remember that GDPR legislation means that employees can request to view information that you hold about them, even after they have left and it’s for this reason that it is imperative that records are only retained as long as necessary and are accurate. 


Get in touch if you have any queries regarding your employee data or if you want to check you are fully compliant. 



Record Type Statutory Retention Period
Accident books, accident records/reports 3 years from the date of the last entry (or, if the accident involves a young child/adult, then until that person reaches the age of 21).
Application and Recruitment Records 6-12 months (in case of a pre-employment claim). If you want to keep CVs longer (because you want to use them for a future talent pool), then you will require consent from the applicant. The easiest way to do this is to provide candidates with a privacy notice, setting out how you will use their personal data and for how long it will be kept.
Coronavirus Job Retention Scheme 6 years for furlough records – including the amount claimed, claim period for each employee, the claim reference number, calculations, usual hours worked (including any calculations for furloughed employees) and actual hours worked for flexibly furloughed employees. The guidance says employers should retain the written furlough agreement for 5 years but HMRC can retrospectively audit all claims so it is important to keep a copy of all records for at least 6 years.
First Aid Training 6 years after employment
Fire Warden Training 6 years after employment
Health and Safety representatives and employees’ training 5 years after employment
Payroll wage/salary records (also overtime, bonuses, expenses) 6 years from the end of the tax year to which they relate
Retirement Benefits Schemes – records of notifiable events, for example, relating to incapacity 6 years from the end of the scheme year in which the event took place
Statutory Maternity Pay records, calculations, certificates (Mat B1s) or other medical evidence (also shared parental, paternity and adoption pay records) 3 years after the end of the tax year in which the maternity period ends
Subject Access Request 1 year following completion of the request
Whistleblowing documents 6 months following the outcome (if a substantiated investigation). If unsubstantiated, personal data should be removed immediately.
Working time records including overtime, annual holiday, jury service, time off for dependents, etc 2 years from date on which they were made.

Share blog:

Share blog:

Other posts:

How to survive the post-Christmas back to work blues

Surviving the post-Christmas back to work blues

By Gemma Higgins 04 Jan, 2024
It's tough to get back into work after the Christmas and new year celebrations. We share some tips to try and ease you back in gently

Nearly time for the Jubilee Bank Holiday

By Helen Durbin 06 May, 2022
Struggling to make sense of the extra bank holiday for the Queen's Jubilee celebrations? Don't worry, here's our quick guide to help!

IR35 - Could it be a hard landing for your business?

By Gemma Higgins 23 Mar, 2022
The ‘grace period’ for IR35 regulations ends soon - so if your business is engaging with contractors, now is a good time to review and update your status determinations.
SEE MORE
Share by: