Resources
Post a Job
 Special offer 

Jumpstart your hiring with a £100 credit to sponsor your first job.*

Sponsored Jobs posted directly on Indeed are 65% more likely to report a hire than non-sponsored jobs**
  • Visibility for hard-to-fill roles through branding and urgently hiring
  • Instantly source candidates through matching to expedite your hiring
  • Access skilled candidates to cut down on mismatched hires
*The £100 Sponsored Job credit offer is only available for new accounts in the UK that post a job and expires one year after account creation. Upon expiration of the credit, users are charged based on Sponsored Job budget. Terms, conditions and quality standards apply **Indeed data, United Kingdom, Q2 2024

Records retention in the UK

Edited by Indeed Employer Content Team
Last updated 20 November 2025

Your next read

Data protection and HR GDPR for employers
What is people analytics?
Working time regulations in the UK: all you need to know
Data protection and HR GDPR for employers
What is people analytics?
Working time regulations in the UK: all you need to know
Workers' rights in the UK: a breakdown
UK Small Business Grants
Employee relations in the UK
Our mission

Indeed’s Employer Resource Library helps businesses grow and manage their workforce. With over 15,000 articles in 6 languages, we offer tactical advice, how-tos and best practices to help businesses hire and retain great employees.

Read our editorial guidelines
5 min read

Many small and medium-sized organisations refer to public guidance to understand how HR records are defined and what information these records can contain. Public sources outline different ways organisations store HR data, the types of information these records may cover and where retention-period guidance is available.

Ready to get started?

Post a job

Ready to get started?

Post a job

Different kinds of HR data

Public guidance describes several kinds of data that may be covered by HR records.

Common categories of HR data described in public guidance include:

  • hours worked by employees;
  • employee pay;
  • recruitment data;
  • absence or sick leave;
  • employee turnover .

HR records can include additional types of people-related information depending on the organisation, and public sources outline how retention expectations can vary by record type. This is because they have different retention periods.

The UK law around records retention

UK data-protection frameworks were updated with the introduction of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA). Public sources note that the GDPR covers more types of data. UK data-protection frameworks outline how organisations may collect and store employee information, and public sources describe how the GDPR introduced additional considerations. Familiarise yourself with the definitions of the two terms below.

What is the GDPR?

The GDPR gives employees the right to access personal data held about them. Public guidance explains that the GDPR sets conditions for how personal data may be collected, used and stored.

The GDPR works alongside the DPA 2018, and public sources describe how both frameworks operate in the UK. For organisations that also operate in Europe, official guidance outlines how the EU GDPR and UK GDPR apply in their respective jurisdictions.

What is the DPA?

The first DPA was introduced in 1998, well before the GDPR, and public sources describe how it outlines individuals’ rights in relation to the processing of their data. It is a UK-made law and outlines which types of data organisations may be required to keep. The first DPA created the framework for the UK’s data protection law. The new DPA introduced in 2018 alongside the EU GDPR retains much of the DPA 1998 legislation. The UK’s DPA 2018 reflects the legal requirements set out in the GDPR. Public information notes that some records fall under statutory retention expectations, while others are referenced in non-statutory guidance.

Public sources explain that the DPA 2018 includes additional categories of data, including areas such as national security and defence. Guidance also notes that certain characteristics—such as race, religious belief, trade-union membership and health—receive additional legal protection. Public sources describe how the DPA sets out principles for processing employee-related data.

According to public information on the DPA 2018, organisations processing employee data are expected to consider certain principles set out in the legislation. Public information outlines that individuals have rights to access personal data, request corrections, understand the type of data held and know the purposes for which it is processed.

UK data retention periods

There are a lot of rules around the retention of records, such as how long you can hold on to employee records. Public sources note that retention time frames vary depending on the type of record and the context in which it was created. However, what is considered an adequate time frame will vary depending on the type of record.

Statutory retention of records

Public guidance based on the DPA 2018 explains that some types of records have statutory retention periods. Official sources outline what these periods are and how they apply in different contexts.

Public sources outline examples of statutory retention time frames, such as:

  • accident reports: three years
  • first aid reports: six years
  • fire warden training: six years following employment
  • income tax records, returns and communications with HMRC: up to three years after the relevant financial year
  • medical records and biological test information (Control of Lead at Work Regulations): 40 years after the final entry
  • medical records and biological test information (Control of Substances Hazardous to Health Regulations): 40 years after the final entry
  • whistleblowing information: six months after a case outcome, or deleted following an unsubstantiated investigation
  • employee training: five years following employment

Public sources indicate that, in certain circumstances, some types of records may be retained after an individual leaves an organisation. They may be needed, for example, if employees make claims against you or to help former employees in future legal disputes with other workplaces. However, not all types of records have statutory UK retention periods; in these cases, organisations may assess how long records are held based on internal policies and contextual factors.

Retaining non-statutory records

Some records do not have statutory retention requirements, and public guidance notes that organisations sometimes keep these for operational or internal-reference reasons.

Public sources describe examples of non-statutory records that some organisations keep for internal reference or operational purposes, such as:

  • CCTV footage, for unfair dismissal claims;
  • COVID-19 vaccination information: public sources note that this is special category data, and organisations typically consider their lawful basis for processing when handling it;
  • requests for flexible working;
  • parental leave;
  • training records;
  • references;
  • right to work in the UK checks;
  • redundancy information.

According to the UK Limitation Act 1980 there is usually a six-year time limit for starting legal proceedings, and some organisations consider these time frames when deciding how long to keep certain internal records.

Public guidance notes that some organisations review long-held records to determine whether identifying or sensitive information can be minimised in line with internal policies, such as sickness records. Some organisations limit access to confidential information to roles that require it, depending on internal processes and data-handling policies.

Public guidance notes that the processing of special category recruitment data often involves specific conditions, such as explicit consent. Organisations sometimes take these conditions into account when shaping their recruitment data-handling practices.

Permanent records

Some organisations retain certain records on a long-term basis. This includes actuarial valuation reports. These reports help your business’s accountants to keep track of future financial liabilities payable to employees in the future, such as pensions.

Public sector records

Public information on the Freedom of Information Acts 2000 explains that Section 46 of the Code of Practice sets out recommended approaches for managing public sector records. Government departments publish their own retention guidance, which is available on official websites.

See more: 5 Useful Questions Employers Should Ask When Conducting a Reference Check

Recent Accountancy Articles

See all articles in this category
Create a culture of innovation
Download our free step-by-step guide on encouraging healthy risk-taking
Get the guide

Three individuals are sitting at a table with a laptop, a disposable coffee cup, notebooks, and a phone visible. Two are facing each other, while the third’s back is to the camera. The setting appears to be a bright room with large windows.

Ready to get started?

Post a job

Related articles

A guide to SMCR conduct rules
Read article
What is people analytics?
Read article
UK Small Business Grants and Where to Find Them
Read article

Indeed’s Employer Resource Library helps businesses grow and manage their workforce. With over 15,000 articles in 6 languages, we offer tactical advice, how-tos and best practices to help businesses hire and retain great employees.

Read our editorial guidelines