Personnel Files: What to Keep and For How Long

Personalakten aufbewahren: diese Fristen gelten
Drei Mitarbeiter beugen sich über Laptop

Documents related to the employment relationship between an employer and an employee should be securely stored in a personnel file, either in physical or digital form. This file should contain records related to the employee, employment contracts, social security and tax documents, as well as copies of any official paperwork.

Both during ongoing employment and upon an employee's departure from the company, it's crucial to review which documents need to be retained and which may need to be deleted or destroyed. In this article, we'll guide you through what should and must be kept in the personnel file, along with how and for how long you should retain these documents.

With Personio, you can manage and securely store employee data in compliance with UK law. Learn more here.

Personnel files: what should you keep and for how long?

Holding onto information for too long can be risky and costly. Only keep records if you really need them for your business. According to UK laws like GDPR and DPA 2018, tax-related data shouldn't be kept longer than needed for its legal use.

The standard time to keep tax records is six years plus the current year, also known as 6 years +1. This means you keep records for six years after the last entry and then decide in the next year whether to keep or destroy them.

You can only keep records longer than this if there's a special reason like a law requirement, security issues, or historic value. If you do keep them longer, you must include the new time limit in your business records.

For really important historical records, the maximum time to keep them is 20 years after the last entry, plus one more year to decide if you should keep or destroy them.

According to the CIPD, for many types of HR records, there is no definitive retention period: it is up to the employer to decide. However The UK Limitation Act 1980 contains a six-year time limit for contractual claims, so it’s recommended that many records are kept for at least that period.

Here's a summary of the recommended document retention periods for common personnel files:

  • Assessments under health and safety regulations: Permanently. 

  • Flexible working requests: 18 months following any appeal.

  • Parental leave: 18 years from the birth of the child.

  • Pension records: 12 years after the benefit ceases.

  • Personnel files and training records: 6 years after employment ceases but may be unreasonable to refer to expired warnings after two years have elapsed.

  • Recruitment applications and interview notes (for unsuccessful candidates): 6 months to a year are advisable as the time limits for bringing claims related to the Equality Act.

  • Redundancy details, calculations of payments: 6 years from the date of redundancy.

  • References: Outgoing references given by an organisation should be retained for at least one year after the reference is given to meet the limitation period for potential defamation claims.

  • Right to work in the UK checks: Home Office recommended practice is 2 years after employment ends.

  • Statutory Sick Pay (SSP) records: The Statutory Sick Pay (Maintenance of Records) (Revocation) Regulations 2014 (SI 2014/55) abolished the former obligation to keep these records, but you still may want to keep for the standard of six years.

  • Termination of employment: At least 6 years although the ICO’s retention schedule suggests until employee reaches age 100.

  • Terms and conditions: Review 6 years after employment ceases or the terms are superseded.

  • Time cards: 2 years after audit.

  • Trade union agreements: 10 years after ceasing to be effective.

Keep Your Employee Files Accurate, Always

Personnel File UK

Ensure all employee files are always up-to-date, organised, complete and data-compliant.

Get the checklist
  1. Income Tax: Self-employed individuals should generally keep their records for at least 5 years after the 31 January submission deadline of the relevant tax year.

  2. Corporation Tax: Companies are generally advised to keep records for at least six years from the end of the accounting period.

  3. VAT Records: Usually, VAT records should be kept for six years, although some businesses may get permission from HMRC to keep them for a shorter period.

  4. PAYE: Employers usually need to keep Pay As You Earn (PAYE) records for three years from the end of the tax year they relate to.

  5. Capital Allowances: For any assets that a business keeps for a number of years, records relating to their costs must be kept until the end of any adjustment period.

  6. Construction Industry Scheme (CIS): Records must be kept for at least three years after the end of the tax year to which they relate.

  1. National Insurance: Contributions records should generally be kept indefinitely. These are usually vital when claiming a state pension.

  2. Benefits: If you receive any form of social security benefits, it is advisable to keep all correspondence, claim forms, and payment slips for at least two years.

  3. Health and Safety Records: While not directly linked to social security, these should generally be kept for three years for adult employees.

Remember that failing to keep adequate records could result in penalties. Always double-check current rules, as these can change.

Consequences of non-compliance for document retention

Non-compliance with data retention laws and regulations in the UK can result in a range of consequences, both administrative and legal:

Financial penalties

  1. General Data Protection Regulation (GDPR): Under the UK's adoption of GDPR, fines for non-compliance can be up to £17.5 million or 4% of the company's global annual turnover, whichever is higher.

  2. Tax records: Failure to keep adequate tax records could result in financial penalties from HM Revenue and Customs (HMRC). The fines can vary but may be substantial, depending on the degree of non-compliance.

  3. Health and safety records: Fines can also be imposed for failure to comply with health and safety data retention requirements.

  1. Litigation Risks: Inadequate retention of data can expose businesses to legal risks, including not being able to defend against claims and allegations. This could result in court rulings against the business.

  2. Criminal charges: In some instances, particularly related to willful destruction of records, individuals within the company may face criminal charges.

  3. Contractual penalties: Some contracts, especially government contracts, may include clauses that impose penalties for failure to comply with data retention requirements.

Operational consequences

  1. Loss of reputation: News of non-compliance can result in reputational damage that may have long-term impacts on business prospects and customer trust.

  2. Audit failure: Non-compliance with data retention laws can result in a failed audit, which may then affect your ability to win business or may trigger contractual penalties with existing clients.

  3. Business disruption: Investigations into non-compliance can result in considerable disruption to regular business activities.

  4. Loss of data: Improper data retention policies could lead to loss of vital business data, affecting operational efficacy.

Other consequences

  1. Directors and officers: Company directors and officers may be personally liable in some instances of non-compliance, and they may face disqualification.

  2. Additional scrutiny: Once an instance of non-compliance has been identified, companies often come under increased scrutiny from regulators, which can result in further operational challenges.

  3. Insurance premiums: A history of non-compliance may also affect a company’s liability insurance premiums.

To avoid these consequences, it is crucial for companies and individuals to be fully aware of and in compliance with all relevant data retention laws and guidelines.

Disclaimer

Keep vital data at your fingertips

Digital Employee Files on Different Devices