Shred or Store?
One of the questions I am asked most frequently when discussing the new General Data Protection Regulations (GDPR) is about retention of employee records.
There's no one simple answer.
The GDPR gives some guidance: data should 'not be kept longer than necessary for the purpose for which it was processed'.
So, what does this mean? It means you’ll need to apply some judgement and different retention times for different types of personal data depending on your statutory obligations and business requirements.
For example, data such as wage/salary records should be held for six years after the employee has left your organisation. The payroll records may be needed for your defence at a potential tribunal, so holding them for the first 3 months is sensible. But the information could also be used to defend a civil claim, for which individuals have a time limit of 6 years (after termination) in which to make a claim.
There are no hard and fast rules, so you should try to abide by the main principles of the regulations, i.e. protect your employees' data.
The GDPR differs from the current situation insofar as GDPR is a legal requirement rather than a best practices scenario. If you've already got plans in place to become GDPR compliant or you'd like advice on how to make that happen, then email me at firstname.lastname@example.org or call to make an appointment.