How to manage the retention of employee data
Author: Darren Newman
Click on any of the hyperlinks to go to more detailed guidance below.
- Be aware of the requirements of the fifth data protection principle.
- Be aware of which data is covered by the Data Protection Act 1998, and conduct a full review of manual personal data that has been held since before October 1998.
- Put in place a specific policy on the retention times for particular types of employee data based on the needs of the business.
- In general, destroy records relating to recruitment five months after the completion of the recruitment exercise.
- Inform job applicants if you intend to keep their details with a view to considering them for future vacancies.
- Ensure that your disciplinary procedure does not give the impression that data relating to disciplinary proceedings will be destroyed when the relevant warning expires.
- In general, do not delete personal data that may be needed to defend a tribunal claim until eight months after the end of an individual's employment.
- After eight months, begin to weed out data that is not relevant to potential breach of contract or personal injury claims.
- Keep information relating to the payment of salary, bonuses and commission for six years following the end of employment.
- Keep information relating to health and safety matters for at least three years following the end of employment, and assess whether the possibility of latent claims means that the records need to be kept for longer.
- Remember that there are legal obligations on employers to keep certain records for specific periods of time.
- Take into account that you may need to keep information for longer than eight months if it is likely to be needed to prepare an appropriate reference for the employee or in the event that he or she reapplies for employment with the company.