After 6 years of leaving, the majority of an employee's information needs to be removed from our systems to comply with GDPR rules. Currently, as far as we are aware, the system doesn't do this automatically and relies on HR having to do this on the back end, which seems like an oversight and could result in us breaking these rules if missed.
We suggest there be a change to the process so that employees' details are automatically removed so that we can remain GDPR compliant.
Or perhaps, HR can be notified and asked what we want to keep with the rest being removed afterwards.
Describe the Challenge | We believe that employees' data should be auto-removed after 6 years to comply with GDPR. |
Agree this is a good idea. It would be useful to have the ability to set the timescale of deletion, as we have different locations around the globe which can have different requirements.
Whilst DPA 2018 and GDPR do not define minimum or maximum retention periods, it is recommended that ex-employees' documents are held for no longer than 6 years. Once this retention period has expired, data should be securely and permanently deleted. Automatic removal of ex-employees' data 6 years on from their final day of employment would be a really useful tool to aid compliance of employers.
The 6 year cut off period for storing ex-employee data is really important from a legal/business requirement for all clients. It would be beneficial to have a secure process for deleting this data, ensuring that it cannot be recovered to comply with GDPR.