What HR Information Must You Hold and for How Long for GDPR Compliance?
In the second of a series of blogs on the GDPR Ben considers what HR information you must hold and for how long.
From an HR perspective, the GDPR provisions raise very significant considerations for global employers. For a multinational employer, detailed understanding of global data flows will become increasingly key. This is especially critical where a centralised storage and database solution manages global (both EU and non-EU group company) HR data. Non-EU group companies, using a shared resource, may find themselves directly affected by the GDPR.
For the Data Protection Act of 1998 it was laid out that the following payroll information must be retained, for how long and why:
PAYROLL DOCUMENTATION |
||
Document | Retention Period | Reason for Retention Period |
Income Tax records re employees leaving i.e. P45 | Six years plus current year | Taxes Management Act |
Notice to employer of tax code (P6) | Six years plus current year | Taxes Management Act |
Certificate of pay and tax deducted (P60) | Six years plus current year |
Taxes Management Act |
Notice of Tax change | Six years plus current year | Taxes Management Act |
Annual Return of taxable pay and tax deducted | Six years plus current year | Taxes Management Act |
Records of pension deductions (including superannuation) | Six years plus current year | Pensions Act 1995 |
Clock cards | Two years after audit | Audit |
Payroll and payroll control account | Six years plus current year | Companies Act/Charities Act and taxes Management Act |
However, there is also the need to look to retain employee/personal records and commercial records. So, it is important to carry out a data audit., carefully assess current HR data and related retention periods and identify any gaps with the GDPR.
Get in touch
Want to find out more? Get in touch and discover what Symatrix could do for your business. We’d love to chat.