Skip to the content

What HR Information Must You Hold and for How Long for GDPR Compliance?

In the second of a series of blogs on the GDPR Ben considers what HR information you must hold and for how long.

From an HR perspective, the GDPR provisions raise very significant considerations for global employers. For a multinational employer, detailed understanding of global data flows will become increasingly key. This is especially critical where a centralised storage and database solution manages global (both EU and non-EU group company) HR data. Non-EU group companies, using a shared resource, may find themselves directly affected by the GDPR.

For the Data Protection Act of 1998 it was laid out that the following payroll information must be retained, for how long and why:

 

PAYROLL DOCUMENTATION

Document Retention Period Reason for Retention Period 
Income Tax records re employees leaving i.e. P45 Six years plus current year Taxes Management Act
Notice to employer of tax code (P6) Six years plus current year Taxes Management Act
Certificate of pay and tax deducted (P60) Six years plus current year

Taxes Management Act

Notice of Tax change Six years plus current year Taxes Management Act
Annual Return of taxable pay and tax deducted Six years plus current year Taxes Management Act
Records of pension  deductions (including superannuation) Six years plus current year Pensions Act 1995
Clock cards Two years after audit Audit
Payroll and payroll control account Six years plus current year Companies Act/Charities Act and taxes Management Act

However, there is also the need to look to retain employee/personal records and commercial records. So, it is important to carry out a data audit., carefully assess current HR data and related retention periods and identify any gaps with the GDPR.

 

Get in touch

Want to find out more? Get in touch and discover what Symatrix could do for your business. We’d love to chat.