Data Protection and Retention of Employment Records

April 2017

With the EU General Data Protection Regulation due to come into force in a little over a year, now is the time to start preparing your business and putting in place the structures to ensure compliance.

With storage space at a premium in most businesses one issue that regularly arises for employers is how long to keep personal data.   Section 2(1)(c)(iv) of the Data Protection Act 1988 provides that:

the data shall not be kept for longer than is necessary for that purpose or those purposes.”

But what is a reasonable period to keep personal data? Firstly, this will depend on the nature of the data and the purpose for which it is held. In considering this you will also need to be cognisant of statutory time limits and your requirement to comply with these time limits also.

Below is a quick reference guide for employers highlighting time limits that will be relevant for most employers during the course of their day-to-day business:

 

Legislation                           Data                                              Time Period                         

Organisation of Working Time Act 1997 and Organisation of
Working Time Act (Records) (Prescribed Form and Exemptions) Regulations 2001

Records relating to weekly working hours, holidays, PPS numbers, statement of duties and the name and address of each employee. 3 years from date of creation.
National Minimum Wage Act 2000

 

Pay records, e.g. payslips showing compliance. 3 years from date of creation.
Terms of Employment (Information) Act 1994

 

Terms and Conditions of Employment. Duration of employment.
Parental Leave Acts 1998 and 2006

 

Record of dates and times of any parental or force majeure leave taken by employees. 8 years from the date of the leave.
Protection of Young Persons (Employment) Act 1996

 

Records of age for those under 18 years of age. 3 years from date of creation.
Companies Acts and Taxes Consolidation Act 1997

 

Records of tax payment. 6 years from the end of the tax year.
Companies Act 2014

 

Accounting records. 6 years after the end of the financial year.
Companies Act 2014

 

Books and records of a Company. Books and records of a Company.
Safety Health and Welfare at Work Act
(General Applications) 1993

 

Records of Accidents and dangerous occurrences. 10 years from the date of the accident.
Criminal Justice (Money
Laundering and Terrorist Financing) Act 2010

 

Customer due diligence. 5 years after the end of the business relationship.
EU Funding EU funding contracts. 10 years.

 

For more information please contact Emma Richmond, any member of our data protection team or your usual Whitney Moore contact.