What an employer needs to hold on file as a minimum.
It is important for both operational efficiency and to protect the organisation to maintain personnel records. Employers are also required to retain and maintain certain records by law.
Personnel records constitute data that fall within the scope of the Data Protection Act 1998 and care must be taken as to the purposes for which these data are used. The following constitutes the minimum information employers should hold on each individual employee:
- emergency contact details;
- date of birth;
- education and qualifications;
- tax code;
- national insurance number;
- details of any known work-relevant disability.
Evidence of right to work in the UK:
Copies of the relevant original documentation provided by the employee as evidence of his or her right to work in the United Kingdom.
- employment history with the organisation - date employment began, period continuous employment commenced, promotions, present job, job title;
- details of terms and conditions - pay, hours of work, holiday entitlement, any other benefits. A copy of the written main terms and conditions of employment or contract of employment and records of any changes to the contract;
- details of any absences - unauthorised absence, lateness, sickness, annual holiday, maternity, paternity or dependents leave, compassionate leave and leave for family emergencies;
- details of any accidents connected with work, including any on the way to and from work;
- details of training courses attended or further education undertaken with the organisation, whether internal or external;
- details of any grievances raised or disciplinary action taken, including notes and any associated correspondence;
- details of termination of employment.
In addition to the above, employers may wish to gather additional data for statistical purposes. For example, monitoring the ethnic or gender mix of the workforce may assist in ensuring that selection processes are fair and free from bias. If such data is gathered, care needs to be exercised to ensure compliance with the provisions of the Data Protection Act (1998).