Data protection and your business

Recruitment and managing staff records

You must keep any data you collect on staff secure - lock paper records in filing cabinets or set passwords for computer records, for example.

Only keep the information for as long as you have a clear business need for it, and dispose of it securely afterwards - by shredding, for example.

Recruiting staff

You must give the name of your business and contact details (or those of the agency) on job adverts.

Only collect the personal information you need on application forms, and do not ask for irrelevant information, like banking details.

Example
You will usually only have to ask about motoring offences if driving is part of the job.

Only keep the information for recruitment - do not use it for a marketing mailing list, for example.

Keeping staff records

Make sure only appropriate staff, with the right training, can see staff records, and store sensitive information (such as health or criminal records) separately.

Example
Do not let managers access a worker’s sickness record if they only need to see a simple record of their absences.

If you’re asked to provide a reference, check the worker or ex-staff member is happy for you to do so.

Letting staff see their records

Your staff have the right to ask for a copy of the information you hold about them.

This includes information about grievance and disciplinary issues.

You must respond to their request within 30 days.

You may be able to withhold some information when responding to a request if the information concerns someone else, for example if you need to protect someone who has accused them of harassment.

Staff can complain if they think their information is being misused, and you could be ordered to pay a fine or compensation.