Keeping Personal Data on your Employees
The information you hold on your employees is protected by the General Data Protection Regulation (GDPR) and the Data Protection Act 1988.
Here are the main principles you will need to follow when holding data on your employees:
- Personal data should be fairly and lawfully processed
- Data should be processed only for specified and lawful purposes
- The data should be adequate, relevant and not excessive
- It should be accurate and kept up to date
- The data should not be kept for longer than is necessary
- It should be processed in line with the employee’s rights under the act
- It should be kept secure
- Personal data should not be transferred to countries outside the European Economic Area without adequate protection.
What information can be held?
Employers can keep computerised or paper records of:
- Personal data: Including the employee's name, address, date of birth, sex, education and qualifications, NI number and details of any known disability.
- Employment history: Such as terms and conditions, training and appraisals, together with grievance and disciplinary matters.
Sensitive personal data (for example, information about health, racial or ethnic origins, religion or belief, sexual orientation or criminal history) should not be held on employee’s records without their consent. Employees have a right to be informed what records are kept and how they are used.
Make sure HR and payroll data is up to date:
Please make sure that the HR records you hold on your employees are stored securely, are accurate and kept up to date. You must inform payroll of any changes to your employee's personal data in a timely fashion, so that the data stored remains current and relevant. Such changes include:
- Change of address
- Change of name
- Changes of employment status (i.e. if they leave your employment)
This will help us make sure your payroll data is accurate and remains GDPR compliant.