There is no hard-set rule as to how long certain pieces of data can be held by an organisation. However, legally, you can only hold onto employee information if the reason(s) for retaining it is compliant with the GDPR.
And because the GDPR isn't prescriptive or dictatorial in telling any of us what data we can hold and how long we can keep it for, this means that each company will have written their own Data Retention Policy and the rules stated therein will need to be upheld.
Some employee data is likely to have a longer ‘life’ than other data. For example, where a company may choose to hold onto an ex-employee’s absence records or performance outputs for a specified period of time, they may no longer have justification to retain their bank details or salary records.
Following some investigation, the vast majority of HR software systems have very limited capability in giving clients the tools that they would find useful to determine and control what data is deleted, and when, and what data is retained and for how long. Therefore, where manual processes are relied upon and organisations are devoid of meaningful automation, they run serious risks of non-compliance with the GDPR relating to employee data.
As a professional HR software supplier, Youmanage differs hugely and we're very pleased to have been able to develop functional capabilities to assist our own clients with their own data compliance efforts. We have developed a ground-breaking Data Retention Framework, which provides each client with the flexibility to 'plug-in' their own data retention rules.
It is likely that different organisations will have different requirements in terms of what data they need to hold on to which is why the Data Retention Framework provides for flexible and configurable approach. Each client is able to set up their data retention criteria in different ways and choose which data is scheduled for deletion and when.
In addition, clients will want to keep elements of employee related data to ensure that they retain the integrity of their historical reporting capability, for example absence data. Therefore, clients also have the capability to anonymise employee records but retain the data that was once associated with an employee record.
We've also written another article to advise you on how to use HR software in line with GDPR - check it out here.
If you have any questions regarding the Data Retention Framework, or would like to find out how Youmanage can support your compliance efforts, please get in touch, request a free demo or take out a free trial.