UK staffing and HR records retention: how to stay compliant

With GDPR now in full force, UK businesses of all shapes and sizes have to gather and manage citizens’ data according to a strict set of regulations. This can be more of a challenge for smaller businesses that perhaps don’t have the in-house legal expertise or dedicated information management teams of their larger competitors. Regardless, the legislation applies ubiquitously, and the onus is on companies to adhere to the rules – or risk facing severe penalties for non-compliance.

Over the past year or so, businesses have understandably focused on achieving full compliance with new GDPR requirements. However, it’s important that they also pay attention to long-standing regulations around data retention. There is a lot of emphasis on data protection and privacy, requiring businesses to release data they don’t need or have permission to use – but there is also information that businesses are in fact legally required to hold onto for specific periods of time.

Compliant data retention therefore requires having systems in place to determine when employee records should be kept, and when they should be destroyed. Failing to manage your records correctly could have disastrous consequences for your business, such as eroding employee and customer trust, losing or compromising important personal data, incurring fines from legislative bodies, and increasing the administrative burden.

Employee and HR records are critical company files that come with potentially complex retention periods. If your business is without a dedicated HR or staffing manager to manage your employee records, ensuring compliance can be hard to get right.

To help you understand statutory retention periods for employee records, here are some examples of what you need to pay attention to.

  1. Employee tax. Income tax and National Insurance (NI) returns leave voluminous paper trails. A large amount of correspondence is required with HMRC and, as the records and documents pile up, it gets harder to keep track of what is what. To help navigate the various retention periods in as simple and stress-free a way as possible, the Income Tax (Employments) Regulations offers a good guide. According to this framework, it’s best to hold onto your tax records for at least three years after the end of the relevant financial year.
  2. Wages. According to the Taxes Management Act, you need to keep all salary records for six years. This doesn’t just relate to wages; businesses are required to retain all documents pertaining to overtime, bonuses, and expenses. While somewhat laborious, this will protect your business in the event of a tax issue or underpayment claim.
  3. Health and safety. Health and safety records don’t come with a set retention period. That said, it’s always best to err on the side of caution and hold onto them for perhaps longer than you might feel is necessary. Given that claims can occur unexpectedly, best practice is to retain these records permanently.
  4. Pensions. If your company is of a certain size, then UK law requires you to provide an employee pension scheme. Offering a pension scheme, whether legally necessary or not, can also be good for business in more ways than one. It’s becoming an increasingly popular workplace benefit and can help attract and retain employees. Pension records do, however, come with a lengthy retention period and its advisable to keep them for 12 years from the policy end date.

PREMIUM CONTENT: Global overview of data privacy developments

Non-statutory retention periods

Many types of personnel records don’t come with a legally prescribed retention period. These grey areas can be tricky to navigate, making it hard for employers to determine how long they should hold onto various documents. In the absence of any definite policies, most companies follow their own rules, depending on their needs and the type of documents being stored.

As a guide, it’s best to always bear in mind the time limits for potential tribunal or civil claims when determining retention periods. This way you are always protected should a claim occur years after the event. A good rule of thumb is to hold onto all records for at least six years – or five if your business is based in Scotland.

Best practices for records retention

Documents that require retention will need to be stored somewhere safe and accessible. How and where your documents are stored is critical to their retention. If you are planning to store your documents in boxes on-site, make sure you have the necessary space to keep them safe and out of the way. Of course, who has access to your records is as important as how and where they are stored.

To ensure that all your records are stored securely, you need to put in place access control measures. Documents move around regularly. They are passed between colleagues,  removed from storage and often get lost or misplaced. There’s no point in retaining documents if you don’t know where they are at any given time. A comprehensive cataloging and monitoring system will ensure that no records go missing.  Better yet, you may consider outsourcing your records management needs to an off-site provider.

Navigating data regulations and retention periods can be enormously challenging and confusing. When something is overly complex or unclear, it’s tempting to simply ignore it – or put it off indefinitely. Given that data protection and retention requirements are more important than ever before and thus under the spotlight, you need to stay in line with the legislation.

Paul Ravey

Paul Ravey
Paul Ravey is a manager at Access Records Management, which provides secure archiving and records management services in the UK.

Paul Ravey

Share This Post


Recent Articles

Powered by ·