How will the Employment Rights Bill impact the retention of employment records for employers?

The new Employment Rights Bill (the Bill) introduces changes to employer’s obligations regarding the retention of employment records.

In this Keynote, employment lawyer Emma Loveday-Hill sets out the current law on retention of employment records, and how the Bill is set to change the obligations of employers.

The current law

The law governing the retention of employment records is governed by both the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018 (DPA 2018).

The UK GDPR sets out key principles for the processing of personal data. Employers must ensure that employee records are: processed fairly, lawfully and transparently; collected for specified, explicit purposes; adequate, relevant and limited to only what is necessary; accurate and, where necessary, kept up to date; kept for no longer than is necessary (once the retention period has expired, records should be securely destroyed or anonymised); and handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage.

The DPA 2018 provides a legal framework for data protection in the UK and includes specific provisions for the processing of employment data. It outlines conditions under which certain types of data, such as sensitive personal data, can be processed, often requiring additional safeguards. It also includes certain exemptions that are applicable to employment records.

The Information Commissioner’s Office (ICO) provides guidance to help employers understand their obligations under data protection law concerning employment records. While the ICO does not prescribe exact retention periods, it advises employers to establish clear retention policies that set out how long different types of employment records should be kept, based on legal requirements and business needs, that they should be able to justify such retention periods, and that they should inform employees how their data will be used, how long it will be retained, and their rights regarding their personal data.

Employers must look to a collection of HMRC requirements and other legislation for specific retention periods, although they may choose to keep records for a longer period, provided that this can be justified. Here are some of the most important ones:

• General employee records: General employment records (such as contracts, job applications, and other documentation) should be kept for at least 6 years after the end of the employment. This is because employees can bring claims such as breach of contract or wrongful dismissal within this period pursuant to the Limitation Act 1980.
• PAYE and payroll: HMRC requires employers to keep PAYE records (including details of wages, hours worked, deductions, and tax information) for at least 3 years from the end of the tax year to which they relate.
• National Minimum Wage (NMW): The National Minimum Wage Regulations 2015 require employers to keep NMW records for at least 6 years starting from the end of the pay reference period.
• Statutory Sick Pay (SSP) records: Employers should retain SSP records for at least 3 years after the end of the tax year to which they relate.
• Maternity, paternity, and adoption leave records: Employers should keep records related to maternity, paternity, and adoption leave for at least 3 years after the end of the leave, so as to comply with obligations imposed by HMRC. This 3-year period is also stipulated by the Statutory Maternity Pay (General) Regulations 1986.
• Pension records: If an employer provides a pension scheme, records related to pension contributions should be kept for at least 6 years after the end of the relevant tax year to comply with the Occupational and Personal Pension Schemes (Disclosure of Information) Regulations 2013.
• Health and safety records: Employers should keep records related to health and safety (for example, accident records) for at least 3 years (and longer if relating to, for example, the control of hazardous substances).
• Expenses and benefits records: Employers should keep records for 3 years from the end of the relevant tax year.
• Right-to-work records: The Immigration, Asylum and Nationality Act 2006 requires right-to-work checks and records to be kept for 2 years after employment ends.
• Limited companies’ financial and accounting records: The Companies Acts 2006 requires limited companies to keep financial and accounting records for 6 years from the end of the financial year to which they relate.
• VAT records: HMRC requires businesses to keep VAT records for at least 6 years.

Current consequences of non-compliance

The DPA 2018 allows for penalties if employers do not comply with the data retention requirements, including fines and potential claims from employees. The ICO can investigate complaints and take enforcement action.

The UK GDPR also provides for significant penalties for non-compliance, with fines of up to 4% of annual global turnover or £17.5 million, whichever is higher, for serious breaches of data retention principles.

What changes will the Bill introduce?

Section 39 of the Bill will require employers to keep detailed records of all employees’ annual leave and holiday pay entitlements and payments for a minimum period of 6 years.

The Bill seeks to establish a new enforcement body, the Fair Work Agency (FWA), which will have the power to inspect employers’ physical and electronic records, to make sure that employees have received their annual leave entitlements and pay.  Non-compliance can lead to penalties and criminal prosecution. The FWA will also have the power to initiate Employment Tribunal claims against employers on behalf of employees to recover unpaid entitlements.

What can employers do now to prepare?

Employers should take the following steps now:

• Review and update their record-keeping systems to ensure that systems are in place to accurately record annual leave and holiday pay information for all employees.
• Train staff on the new requirements so that they can implement record recording and maintenance.
• Establish clear policies for the retention of employment records for at least 6 years.
• Conduct regular compliance audits any address any discrepancies promptly.
• Be prepared for possible on-site audits by the FWA.

By implementing these measures, employers can mitigate the risk of non-compliance and avoid or minimise non-compliance penalties.

If you have questions or concerns about employment records, please contact employment lawyer Emma Loveday-Hill.