Different kinds of HR data
There are several kinds of data covered by HR records.
Make sure that you are familiar with the kinds of data covered, which include:
- hours worked by employees;
- employee pay;
- recruitment data;
- absence or sick leave;
- employee turnover.
Your HR records may include other kinds of people data, and you should make sure that you understand the law around retaining these different types of data, because they have different retention periods.
The UK law around records retention
The UK law on records retention was updated with the introduction of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA). The new GDPR covers more types of data. Although UK legislation requires you to keep a record of your employee data, the GDPR makes doing so more complicated. Familiarise yourself with the definitions of the two terms below.
What is the GDPR?
The GDPR means that your employees have the right to access employee data that you hold on them. It also means that this data must be managed correctly, should only be held with good reason and only for a certain length of time.
The GDPR superseded the original DPA of 1998 and came into force in May 2018 alongside the DPA 2018. You should be aware of the differences between the GDPR and the DPA 2018, and what they mean for the retention of HR records. The GDPR works in tandem with the DPA 2018, and although there are subtle differences between them, you need to comply with both in the UK. In the UK, the original EU GDPR 2018 was replaced by the UK GDPR in January 2021, with a few updates to make it more relevant to the UK and reflect the UK’s exit from the EU. If you also run a business in Europe, you will need to comply with both EU and UK GDPR rules.
What is the DPA?
The first DPA was introduced in 1998, well before the GDPR, and gives your employees rights in relation to how you process their data. It is a UK-made law and also gives information on which types of data you are required to keep. The first DPA created the framework for the UK’s data protection law. The new DPA introduced in 2018 alongside the EU GDPR retains much of the DPA 1998 legislation. The UK’s DPA 2018 reflects the legal requirements set out in the GDPR. Some records must be retained according to the DPA (statutory), but for other records retaining them is only a recommendation (non-statutory).
The new DPA includes more types of data, extending to include national security and defence. There is now stronger legal protection surrounding characteristics such as race, religious belief, whether an employee is a member of a trade union and health. The DPA tells you how you are allowed to process the data that you collect in relation to your employees. According to the DPA 2018, when you are processing employee data, you must follow certain rules. Your employees have the right to access the data that you collect about them, ensure that it is accurate, know what kind of data it is and know what you are using it for.
UK data retention periods
There are a lot of rules around the retention of records, such as how long you can hold on to employee records. The length of time for which you hold on to records cannot be excessive. However, what is considered an adequate time frame will vary depending on the type of record.
Statutory retention of records
According to the DPA 2018, you must retain certain types of records. These have different statutory UK data retention periods, which you are legally obliged to adhere to.
Statutory UK data retention periods include:
- accident reports: should be kept for three years;
- first aid reports: should be kept for six years;
- fire warden training: six years following employment;
- income tax records, returns and any communications with HMRC: should be kept for up to three years after the financial year they correspond to;
- medical records and biological test information (Control of Lead at Work Regulations): 40 years following the time of final entry;
- medical records and biological test information (Control of Substances Hazardous to Health Regulations): 40 years following the time of final entry;
- information relating to whistleblowing: six months after a case outcome, or deleted immediately following an unsubstantiated investigation;
- employee training: should be kept for five years following their employment with you.
From the above, you can see that in certain circumstances, some records on previous employees need to be kept even after they have left. They may be needed, for example, if employees make claims against you or to help former employees in future legal disputes with other workplaces. However, not all types of records have a statutory UK data retention period; in this case, you will have to decide how long to retain the record for.
Retaining non-statutory records
Some records do not have to be retained by law but you may want to keep them for other reasons.
For example, you should aim to retain the following records:
- CCTV footage, for unfair dismissal claims;
- COVID-19 vaccination information: this information is special category data and you should have a lawful reason for processing this;
- requests for flexible working;
- parental leave;
- training records;
- references;
- right to work in the UK checks;
- redundancy information.
Under the UK Limitation Act 1980, there is usually a six-year time limit for starting legal proceedings. It is therefore a good idea to keep contractual claim information for at least six years, so that it is available if such a case arises within that time frame.
For records that you hold on to for a long time, you should consider removing personal information from confidential data, such as sickness records. Furthermore, your managers should not have access to confidential data such as sickness records if they only need to access records pertaining to employee absences. According to the UK’s rules on recruitment data retention, any special category data relating to recruitment information may only be processed with explicit consent, so this needs to be a central tenet of your recruitment data retention policy.
Permanent records
There are some records that you should try to keep permanently. These include actuarial valuation reports, which help your business’s accountants to keep track of future financial liabilities payable to employees, such as pensions.
Public sector records
According to the Freedom of Information Act 2000, any public sector records that you hold must comply with Section 46 of the Freedom of Information Code of Practice. Each UK Government department has its own rules around the retention of records, and you should familiarise yourself with them.