Data protection and your business
2. Recruitment and managing staff records
You must keep any data you collect on staff secure - lock paper records in filing cabinets or set passwords for computer records, for example.
Only keep the information for as long as you have a clear business need for it, and dispose of it securely afterwards - by shredding, for example.
You must give the name of your business and contact details (or those of the agency) on job adverts.
Only collect the personal information you need on application forms, and don’t ask for irrelevant information, like banking details.
You will usually only have to ask about motoring offences if driving is part of the job.
Only keep the information for recruitment - don’t use it for a marketing mailing list, for example.
Keeping staff records
Make sure only appropriate staff, with the right training, can see staff records, and store sensitive information (such as health or criminal records) separately.
Don’t let managers access a worker’s sickness record if they only need to see a simple record of their absences.
If you’re asked to provide a reference, check the worker or ex-staff member is happy for you to do so.
Letting staff see their records
Your staff have the right to ask for a copy of the information you hold about them.
This includes information about grievance and disciplinary issues.
You must respond to their request within 40 days.
You may be able to withhold some information when responding to a request if the information concerns someone else - you need to protect someone who’s accused them of harassment, for example.
Staff can complain if they think their information is being misused, and you could be ordered to pay a fine or compensation.