The increasing number of workforce transformations and exploding demographics directly translates to large volumes of employee records. And now, there is an equally greater effort required in managing employee data after GDPR!
Here we will be discussing what types of records should be included in an employee file, compliance considerations, and tips on digitisation. Click below to jump through the sections!What is an Employee File?Employee Records Checklist and Retention GuidelinesEmployee Files and GDPRChecklist for Digitising Employee Files
What is an Employee File?
An employee file is a collection of records, i.e. documents and communications, detailing the relationship between the employee and the company. An individual record takes up a single row on a table. These often include confidential information and information necessary for regulatory audits concerning the organisation.
The employee file is a broad classification where an employee’s medical files, payroll documents, and the personnel file sits.
Employee Records Checklist and Retention Guidelines
How Long Should You Keep Employee Records?
On average, UK based organisations maintain approx. 50 records per employee for their employee file. This includes documents like P60's, P45's, health insurance details, performance sheets, holiday requests and even email communications. But it can be so much more! Each record costs between £5-25 to record, update and retrieve.
To get an idea of data volume, see below a list of records required in an employee file:
Employee Records required by UK law (statutory records):
☐ National Insurance and Tax. 3 years from the end of the tax year they refer to.
☐ Employee Pay details and Pay stubs. 3 years from the pay reference of the pay period it covers.
☐ Logged incidences related to Health and Safety, e.g. accidents, dangerous occurrences in accident books. 3 years from the last entry in the logbook.
☐ Medical Records (varies by nature)
☐ Work-related injuries where the employee is incapacitated for more than three days after the accident. 3 Years minimum.
☐ Work-related medical examinations after handling hazardous materials. 40 years after date of incident.
☐ Immigration Checks. 2 years from termination of employment.
Non-Statutory (but highly recommended!) Records
☐ Statutory Sick Pay and Paid Sickness. Since 2014, there are no statutory retention requirements. However, CIPD recommends that records should be kept in the employee file for at least 3 years.
☐ Hiring and Applicant data. At least 6 months.
☐ Pension Scheme Records. Until the individual reaches 100.
☐ Pension Scheme Investments. 12 years ending from the last benefit paid for under the policy.
☐ Personnel File. Any non-medical document related to the hiring, onboarding and employee-employer relationship throughout the employee lifecycle. 6 years after the individual has left the organisation.
☐ Termination of Employment. Redundancy details including the calculation of funds. ICO suggests these be kept for 100 years. At minimum, these should be kept for at least 6 years from the date of termination.
☐ Time Sheets and working time records. 2 years after the last audit.
☐ Equal Opportunity Records. At least 6 months, see above’s “hiring and applicant data”
Special Retention Cases (recommended)
☐ Senior Executive Records should be kept permanently. Archive them to give your company a sense of history.
➤ A workflow management tool (Filestore BPM), can create alerts to ensure that your company’s retention schedule is on track. See more here.
It is a corporate decision to keep the number of employee records retention periods down to a realistic few. Best practice is to establish buckets to differentiate which documents need keeping and for how long. It is important to strictly ensure that each bucket is audited before its expiry date.
Employee Files and GDPR
GDPR brings a new raft of considerations when keeping employee files (or more specifically, data!). While a lot of regulations for HR leaders are very similar to the 1998 Data Protection Act, a careful line needs to be drawn on employee consent.
Under the Data Protection Act and GDPR, employees have the right to:
- Right to be informed how their data will be used
- Access to their personal record and file.
- request change and amendments to inaccurate or incomplete data on their records.
- Right to reuse their personal data for their own purposes across services aka. Data portability.
- The right to delete data held of them and block or suppress access to this data, unless they fall under the special cases below….
But here’s where things get interesting. Consent on processing and retaining the data does not have to be given by the employee if:
- Record is in “Employer’s legitimate interest”. Or records that are necessary to establish, exercise or defend legal claims.
- Records that are required by law to retain (i.e., the statutory records mentioned before).
- Records that are necessary for the performance of a contract. E.g. records of sick days for statutory sick pay.
- Data is necessary for the public health.
- Data that is necessary for the performance of a task related to the public interest
This still means, for the principle of transparency, that the employee should know how their data is to be used. Defining “legitimate interest” also means that the data must be proportionate and processed with minimal intrusiveness.
➤ If you need help organising employee data and files, DCS’s Filestore EDM makes sure files can retrieved quickly. Click to see Filestore EDM.
What it boils down: protecting the organisations’ legitimate interest supersedes the employee’s privacy. If you are unsure on what is a legitimate interest, ask legal consul and/or your Data Protection Officer!
Don’t forget, you have 1 calendar month to explain your reason not to delete an employee’s data.
Checklist for Digitising Employee Files
Employee files and HR records occupy a large amount of office space costing a lot in storage, boxes, etc. Choosing digital storage can reduce this cost so that you can place this money into more value-added business assets. Here are some things to consider:
☐ Ongoing maintenance cost and the overall Capital Spend
Maintaining different record centres at different locations could prove very costly. Digital ERM (employee records management) makes it possible and cost-effective to manage all HR records in one low cost centre.
☐ Cost of Staff and Training
The cost of managing paper records could quickly add up and a digital records management system helps control these costs by automating downstream paper intensive process.
It is in your company’s interest to make an organisation and its employees’ data as secure as possible. Do you have the technical expertise and resources in your staff?
With GDPR, an organisation has 72 hours to inform national regulators of a data breach. The only time this isn’t the case is if the company can prove that the breach did not risk any person’s rights or freedoms. The expanded power of regulators under GDPR makes audits more in-depth and comprehensive and any breach that is evident will very likely be questioned.
☐ Site needs
Faster, secure access to employee files improves the productivity of HR resources. Records should be in a centralised repository space so that any data request can be swiftly enacted.
➤ Software suggestion: Kofax Capture is a scan-to-capture technology that can place records in their respective tables after a mere scan!
Your HR staff will longer waste time in non-productive administrative tasks and file management. Globally distributed HR functions benefit greatly from digital records, as documents can be accessed from any location.
Disclaimer: The above article should be used for general research purposes and is not a substitute for legal guidance.
You Might Also Like…
New Look HR Records Case Study
DCS Human Resources Solutions Showcase
Blog Post: Making Right to Work Checks Easier
Resources on the Web:
Acas Advisory Booklet on Record Keeping
CIPD legal fact sheet (registration required)
ICO's Section on GDPR