How Long Can I Keep Employee Data Under GDPR?

14 December 2023

The General Data Protection Regulation (GDPR), implemented in 2018, significantly altered how organisations handle personal data. For employers, understanding the key principles of GDPR is crucial, especially when it comes to managing and retaining employee data.

One of the most frequently asked questions from employers is ‘how long can I keep employee data under GDPR?’. In this blog we explore this in more detail and share some best practices for data retention.

Understanding GDPR and its implications for employee data

GDPR obliges employers to keep personal data no longer than is necessary for the purposes for which it is processed. This principle, which is known as data minimisation, requires employers to regularly review the personal data they hold and erase or anonymise it when it’s no longer needed. Under GDPR, you must have a legal basis for processing and retaining personal data, which will include consent, contract necessity, compliance with a legal obligation, and other legitimate business interests.

Throughout the course of the employee lifecycle, employers will collect an array of data about their employees, and how long that data should be retained will depend on a number of factors. There isn’t a single approach to retention periods; in fact, GDPR does not specify any set retention periods for employee data. It’s therefore important for employers to understand what data they hold and how long it can be retained. Let’s look at some common forms of employee data:

  • Employment contracts and records – generally, employment contracts and related documents should be retained for six years after the end of employment. This period aligns with the UK’s statutory limitation period for contractual claims, which provides a sound legal basis for retention.
  • Payroll and tax records – payroll records must be kept for at least three years, as required by HMRC. Additionally, certain tax documents might need to be kept for up to seven years to comply with various tax laws.
  • Health and safety records – records related to health and safety, including accident reports and risk assessments, should be retained for at least three years. For employees exposed to hazardous substances, records should be kept for up to 40 years.
  • Recruitment data – personal data collected during recruitment, such as CVs and interview notes, should be kept for a reasonable period—typically six months to a year. This allows you to effectively manage any claims of discrimination or unfair recruitment practices which may be brought against your business.
  • Disciplinary and grievance records – these records should be kept for six years after the resolution of the issue. This period ensures that you have documentation available should any legal challenges arise.
  • Employee benefits records – pensions and other long-term benefits records should be kept for a significant period (guidance suggests up to 12 years) due to the nature of the benefits and potential claims long after employment has ended.

Good practice for data retention

To comply with GDPR and manage employee data, it’s recommended that employers put in place effective measures as follows:

  1. Data Retention Policy – develop a clear data retention policy that outlines how long different types of employee data will be retained for and the rationale for these timescales. For policies to be effective, everyone needs to understand them and therefore the data retention policy should be communicated to all employees and regularly reviewed.
  2. Regular audits – it’s important to carry out regular audits of your employee data to ensure compliance with your data retention policy. Establish an audit timetable and make sure that staff involved in the process have key dates in their diaries. When it comes to the audit itself, you should identify and securely delete or anonymise data that is no longer necessary.
  3. Automated data management – data which is held in hard copy format can be time consuming and expensive to manage. Employers should therefore consider using HR software with automated data management features to streamline the process of data retention and deletion. Automated reminders and actions can help ensure compliance and reduce the risk of human error.
  4. Data minimisation – by only collecting the data you need for specific purposes in the first place, you will minimise the data you need to retain and ultimately delete. This principle not only helps with GDPR compliance, but also reduces the risk of data breaches.
  5. Secure disposal – ensure that data is securely disposed of once it is no longer needed. This includes both digital and physical records. Use shredding services for paper documents and data wiping tools for electronic records.
  6. Training – ensuring that staff understand their roles and responsibilities and the general principles of GDPR and data retention is critical to managing it effectively. In-person or online training can be used, and it’s good practice to include this as part of your new starter induction process and to run regular refreshers for all staff.

Consequences of non-compliance

Failure to comply with GDPR can result in significant penalties. The Information Commissioner’s Office (ICO) can impose fines of up to €20 million, or 4% of the company’s annual global turnover, whichever is higher. Beyond financial penalties, non-compliance can damage your organisation’s reputation and erode trust with employees and clients.

As an employer, navigating GDPR can be daunting; however, the Information Commissioner’s Office is a fantastic resource and offers a wealth of information for employers.

Looking for secure HR software?

HRX stores employee data securely thanks to our robust security system and this in turn helps you as a business to meet your GDPR obligations so that you can rest easy. If you’d like to learn more about our HR software, get in touch with our experts today. Alternatively, you can try it out for yourself by signing up for your FREE 30 day trial today.

