Employers must keep their employees’ personal data safe, secure and up to date.
Employers can keep the following data about their employees without their permission:
- date of birth
- education and qualifications
- work experience
- National Insurance number
- tax code
- emergency contact details
- employment history with the organisation
- employment terms and conditions (eg pay, hours of work, holidays, benefits, absence)
- any accidents connected with work
- any training taken
- any disciplinary action
Employers need their employees’ permission to keep certain types of ’sensitive’ data, including:
- race and ethnicity
- political membership or opinions
- trade union membership
- biometrics, for example if your fingerprints are used for identification
- health and medical conditions
- sexual history or orientation
Employers must keep sensitive data more securely than other types of data.
What an employer should tell an employee
An employee has a right to be told:
- what records are kept and how they’re used
- the confidentiality of the records
- how these records can help with their training and development at work
If an employee asks to find out what data is kept on them, the employer will have 30 days to provide a copy of the information.
An employer should not keep data any longer than is necessary and they must follow the rules on data protection.