Employee Data Management: What records must UK employers keep?
Want to know more about your obligations surrounding employee data management? Here’s a comprehensive breakdown!

What is employee data management?
Employee data management refers to the process of collecting, storing, organising and maintaining information related to employees in compliance with legal requirements and best practices. Effective information management helps you keep accurate and up-to-date records, protect employee privacy and meet your legal obligations. Here are some key aspects of employee data management in the UK:
Data collection: Employers collect various types of information during the recruitment, onboarding, and employment processes. This data includes personal information, contact details, employment contracts, tax-related information, payroll records and more.
Data protection: Employee data management in the UK is subject to data protection regulations, including the General Data Protection Regulation (GDPR). Businesses must ensure that employee data is stored securely and that access is restricted to authorised personnel. Consent is typically required when processing sensitive personal data, and employees have the right to access, correct or erase their data.
Data retention: UK businesses are required to retain certain employee data for specific periods, as defined by employment and tax laws. Retention periods may vary depending on the type of data and its purpose, so it’s crucial to keep records for the required duration and securely dispose of them when no longer needed.
Accuracy and updates: Employers are responsible for maintaining accurate and up-to-date employee data. This includes regularly updating information, such as changes in job titles, salaries, contact details and other relevant data.
Confidentiality and privacy: Businesses must ensure that sensitive employee data is kept confidential and not disclosed to unauthorised individuals. Confidentiality agreements and data protection policies can help safeguard employee privacy.
Compliance with employment laws: UK businesses must comply with various employment laws and regulations related to employee data management. These employment laws cover areas such as discrimination, equal pay, maternity/paternity rights and more.
Record keeping: Employers are required to keep records of certain information, such as payroll records, for tax and reporting purposes. These records must be accurate and readily available for inspection by relevant authorities.
Reporting and auditing: Some organisations may be subject to audits or inspections by government agencies or regulatory bodies to ensure compliance with data protection and employment laws. Proper data management practices facilitate these processes.
Employee access and rights: Employees have the right to access their personal data held by their employer and request corrections or erasure when necessary. Employers must provide a process for employees to exercise these rights.
Data disposal: When employee data is no longer required for legal or business purposes, it should be securely disposed of to prevent unauthorised access or data breaches.
Effective employee data management is not only essential for legal compliance but also for maintaining a positive employer-employee relationship and ensuring smooth HR operations. It often involves the use of a data management system to streamline data management processes and facilitate reporting and compliance. We’d also advise staying informed about any updates or changes in employment and data protection laws so that you can adapt your data management practices accordingly.
Why is data security important in HR?
Data security protects sensitive employee information, ensures compliance with data protection regulations (e.g. GDPR), maintains trust with your employees and prevents data breaches and legal consequences, which can be costly and damaging to your organisation’s reputation.
Several laws and regulations come into play with regard to employee data, including:
General Data Protection Regulation (GDPR)
GDPR is a comprehensive EU regulation that governs the processing of personal data, including employee data. It sets strict rules for data protection, security and individuals’ rights, such as the right to access, correct and erase their data.
Data Protection Act 2018
The Data Protection Act 2018 supplements and tailors the GDPR provisions for the UK, providing additional details on the processing of personal data, including employee data. It also covers criminal offences related to data breaches.
Equality Act 2010
The Equality Act addresses discrimination and equal pay issues in the workplace, and it may involve the collection and management of employee data for monitoring and reporting purposes.
Employment Rights Act 1996
The Employment Rights Act outlines various employment rights, including the right to written particulars of employment and the right to access certain employment records.
National Minimum Wage Act 1998
This act governs the minimum wage requirements for employees, which may involve recording and reporting payroll data.
Health and Safety at Work Act 1974
This legislation relates to workplace health and safety, requiring employers to maintain records of safety assessments, accident reports and employee training in these areas.
Pensions Act 2008
The Pensions Act sets requirements for automatic enrolment in workplace pension schemes and the management of pension contributions, which involves maintaining employee data.
Immigration, Asylum and Nationality Act 2006
This act covers the right to work in the UK, necessitating the verification and retention of documentation related to employees’ immigration status.
Various tax laws and regulations, including those governing income tax and national insurance contributions, require businesses to collect and maintain payroll data for tax reporting.
It’s essential to understand and comply with these laws and regulations during your data management process to avoid legal consequences and protect employee privacy. Non-compliance can lead to fines, penalties and reputational damage.
Examples of commonly used employee data
In order to ensure you are complying with legal requirements, and to effectively manage your workforce, it is important to keep various types of employee data.
The specific data that must be retained may vary depending on the size and nature of your business, as well as the industry, but here are some common categories of staff information that typically need maintenance:
Personal information:
- Full name
- Date of birth
- National Insurance Number (NINO)
- Contact details (address, phone number and email)
Employment contract:
- Employment start date
- Employment terms and conditions
- Job title and description
- Salary and benefits information
Payroll records:
- Salary and wage details
- Tax code and tax-related information
- Deductions (e.g., pension contributions, union fees)
- Payroll reports and records
Work hours and attendance:
- Records of working hours
- Attendance records
- Overtime and leave data
Health and safety records:
- Health assessments and medical records (if relevant)
- Accident reports
- Risk assessments and safety training records
Training and development:
- Training records and certifications
- Performance appraisals and reviews
- Professional development plans
Disciplinary and grievance records:
- Records of disciplinary actions
- Grievance procedures and outcomes
Leave and absence records:
- Annual leave and holiday records
- Sick leave records
- Parental leave records
Pension and benefits information:
- Pension scheme details
- Benefits and perks provided to employees
Other relevant documentation:
- Proof of eligibility to work in the UK
- Employment history and references
- Contracts, agreements, and amendments
- Confidentiality and non-compete agreements
How long should you keep employee records?
How long you keep your employee records can vary depending on the type of record and the specific legal requirements in the UK. However, here are some general guidelines provided by GOV.UK and CIPD:
Personal records: Full name, date of birth and National Insurance Number are typically kept for 6 years after employment ends.
Contact details (address, phone number, email): As long as the employee is with the company or for a reasonable period after employment ends.
Employment contracts and terms: Typically, you should keep these for 6 years after employment ends.
Payroll and tax records: Payroll records, including salary and wage details, are typically kept for at least 3 years from the end of the financial year to which they relate. For tax-related information (e.g., tax code, tax calculations) you’re looking at 3 years (at least) from the end of the financial year to which they relate.
Work hours and attendance records: Records of working hours, attendance, and overtime are generally kept for at least 2 years, but it’s advisable to keep them for longer in case of disputes.
Health and safety records: Health assessments and medical records (if relevant) should be stored for as long as the employee is employed and for a short period after employment ends.
Accident reports and risk assessments: Typically, for at least 3 years.
Training and development records: Where training records, certifications and performance appraisals are concerned, it’s advisable to keep these for the duration of the employee’s tenure and a short period afterward.
Disciplinary and grievance records: These should be kept for at least 6 years.
Leave and absence records: Annual leave and holiday records should be stored for at least 2 years, while sick leave records should be kept for at least 3 years.
Pension and benefits information: Pension scheme details and records should be kept as long as the employee is a member of the scheme and afterward for a set period. Benefits and perks records are typically maintained for 3 years.
Immigration and right to work documentation (if applicable): Proof of eligibility to work in the UK should be kept for the duration of employment and for a short period afterward.
These are general guidelines, and specific retention periods may vary based on legal requirements and industry standards. Do think about consulting with legal counsel or relevant authorities to ensure compliance with specific retention periods for your business and industry.
What happens if you overkeep employee records?
If you keep employee records for longer than necessary, you are at risk of breaching HR compliance regulations. In some circumstances, this puts your business at risk. Here are some potential consequences of retaining employee records for an extended period:
Data privacy concerns: Overkeeping employee records can pose privacy risks. Employees have the right to have their personal data handled in a secure and compliant manner. Retaining unnecessary records could expose sensitive employee information to potential breaches or unauthorised access.
GDPR and Data Protection Act 2018 violations: Businesses are subject to data protection regulations, including General Data Protection Regulation (GDPR) and the Data Protection Act 2018. Overkeeping records could lead to non-compliance with these regulations, potentially resulting in fines and legal consequences.
Storage costs: Keeping records longer than necessary can lead to increased storage costs, both physical and digital. Unnecessary retention of documents and data can be inefficient and costly for a business.
Confusion and inefficiency: The longer records are retained, the more difficult it can be to manage and locate specific information when needed. This can lead to operational inefficiencies and increased administrative burdens.
Legal risks: In some cases, if records are kept longer than required, they might be used inappropriately or against an employee’s interests, potentially leading to legal disputes or allegations of misconduct.
To mitigate these risks, it’s important for businesses to establish clear retention policies and adhere to the specific legal requirements for each type of employee record. Regularly review and update your record retention practices to ensure that you are compliant with data protection laws and industry regulations. Properly disposing of records that are no longer required is as important as retaining them for the appropriate duration.
Can employees request the deletion of their employee information?
Yes, employees have the right to request the deletion of their personal employee information under data protection regulations, including the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. This right is often referred to as the “right to erasure” or “right to be forgotten.”
Employees can request the deletion of their personal information if certain conditions are met. Some key points to consider:
What are the grounds for deletion?
Employees can request that sensitive data be deleted if:
- Personal data is no longer necessary for the purpose for which it was collected.
- They withdraw their consent (if consent was the basis for processing) and there’s no other legal ground for processing.
- They object to the processing and there are no overriding legitimate interests.
- The data has been unlawfully processed.
- There is a legal obligation to erase the data.
Employer assessment
Employers should assess each request on a case-by-case basis to determine whether any legitimate grounds for retaining the data exist, such as legal requirements or the establishment, exercise, or defence of legal claims.
Employee rights
If the request is valid, the employer should promptly delete the employee’s data and inform the employee that it has been deleted.
Data portability
In addition to deletion, employees have the right to request their personal data in a commonly used and machine-readable format, which is known as the “right to data portability.”
It’s important to have a clear and efficient process for handling data erasure requests, including verifying the identity of the person making the request. Keep in mind that certain types of data, such as payroll and tax records, may be subject to specific legal retention requirements and cannot be deleted until those requirements are met.
You should also maintain records of data erasure requests and their outcomes to demonstrate compliance with data protection regulations. If there are any doubts or complexities in handling data erasure requests, we again advise seeking legal counsel or guidance from data protection authorities to ensure compliance.
Choosing an employee database management system
With so much at risk when it comes to employee data management, managing it all manually can cause stress and leave it prone to human error. You can take the pressure off yourself and your business by switching to our trusted HRIS today.
Employment Hero is the world’s first Employment OS (operating system), and is designed to make employment easier for everyone! We offer everything your business needs, from finding and hiring top talent using SmartMatch to seamlessly onboarding new hires, automating complex payroll, and driving employee engagement and morale, all backed by UK-based expert support.
Employment Hero empowers over 300,000 businesses worldwide to spend less time on admin, so they can focus on what matters most – their people.
To learn more, get in touch with our team today.
Disclaimer: The information in this post is current as at 6 November 2023, and has been prepared by Employment Hero Pty Ltd (ABN 11 160 047 709) and its related bodies corporate (Employment Hero). The views expressed in this post are general information only, are provided in good faith to assist employers and their employees, and should not be relied on as professional advice. The information is based on data supplied by third parties. While such data is believed to be accurate, it has not been independently verified and no warranties are given that it is complete, accurate, up to date or fit for the purpose for which it is required. Employment Hero does not accept responsibility for any inaccuracy in such data and is not liable for any loss or damage arising either directly or indirectly as a result of reliance on, use of or inability to use any information provided in this article. You should undertake your own research and seek professional advice before making any decisions or relying on the information in this post.