Data Protection: Since the GDPR came into force, companies have had special rules regarding the type, duration and scope of storage. Since the GDPR came into force, companies have had to comply with special rules concerning the type, duration, and scope of applicant and employee data storage and retention. Small and medium-sized companies are also affected. In principle, the personal data of employees may be collected and processed following data protection.
“From many conversations with my customers, I got the impression that it is still not clear to all companies how long they have to keep applicant data and which employee data they are allowed to collect, develop and store,”.
“The principle applies that personal data of employees may be collected, processed or used for the employment relationship following employee data protection. This includes certain data such as name, tax identification number, data on social security as well as information on occupation, qualifications and employability”,.
Data Protection: Storage Of Employee Data
The data without which a legally compliant employment relationship would not come about or without which a company would not guarantee its regular operation. By the way: The employer does not need any special consent from his employees to store this data – and only for this. By the way, employee data protection also includes applicant data. Most companies also store applicants’ data when they are no longer needed because they have chosen a candidate.
“Here, however, you are walking on thin ice because here, too, retention periods are regulated. Application documents may be kept for a maximum of six months. By then at the latest, applicant data must be destroyed in compliance with data protection regulations,”. This means that personal data must be made unrecognizable and may no longer exist after being deleted. “The email must not be forgotten. There, too, cover letters, curriculum vitae, certificates and other documents that may have been submitted must be deleted. “
Comply With GDPR Requirements
With Office Manager, the requirements of the GDPR and retention periods can be complied with: DMS users can enter deadlines that are accurate to the day and start running from the document date. You can use an input mask to specify the retention period in years or days and with “unlimited” or “none”. The end of the period is shown in the properties dialogue of the individual documents.
“This is a huge relief when it comes to the short-term archiving of application documents because HR administrators have a precise overview of the day on which they have to delete the data,”. By the way, deadlines for the sample archives are included in the software installation package. “To prevent misuse or manipulation, changes require administrator rights. Even if the editing of selection lists has been approved,”.
Note Retention And Deletion Periods
For the storage of employees’ data – in connection with attendance times or accounting data – specific retention and deletion periods apply. “If an employee leaves the company, their personnel files should be kept for at least three years. Only then make claims from the employment relationship expire, such as the demand for a job reference or a claim for damages, “:” But be careful: the deadline always only applies from the end of the respective year in which the employment contract ends, regardless of when the time of termination was. “
However, a distinction must be made between tax law and social security documents: A retention period of six years according to tax law applies to income tax cards, pay slips and receipts for an income tax deduction. If they are used to determine the company’s profit, they must be kept for ten years. Proof of wages for hours worked and evidence of remuneration paid must be kept for five years, and documents relating to company pension schemes for six years.
ALSO READ: 7 logotypes: which logo suits whom?