Audit Checklist For Personnel Files in the UK

Soumya Ghorpade

Staff personnel files are an essential element of any business, and keeping them accurate, up to date and well organized is vital. It is also crucial to know what should and shouldn’t go in them, and for how long.

This checklist will detail what should be included in a personnel file and how to regularly audit it to protect data security.

What to Keep
Legal requirements dictate that certain staff records should be kept, including salary and tax information, working time and absences. Additional data such as grievance issues and employee training must also be stored as good practice.

A comprehensive checklist can help identify gaps in your record-keeping system and develop preventative measures to safeguard against legal risks for your business.

When conducting employee file audits, be sure you know exactly what to look for and how long each record should be kept. That way you’ll have peace of mind knowing you are complying with UK data protection laws as well as best practice guidelines.

All documents should be stored safely and be accessible only to authorised staff members. When an employee file is moved between departments, this must be done in person, with the file marked as private and confidential. You should also ensure all documents are scanned in and saved in the appropriate format.

Who has the Right to See It
Personal data in an employee file should only be accessible to those who are authorized, such as HR personnel, managers or supervisors, and the individual’s line managers. Access should only be shared if there is an actual business need for doing so.

Note that any sensitive data, such as medical or confidential documentation provided by employees, should be stored separately from the main personnel file and can only be accessed by authorized staff members as necessary.

Personnel files should only be transferred between departments by hand or by an employee who is designated an “authorised key holder” for that department. Postal transfers present a risk to privacy, so they should be avoided where possible. It is advised that every file receives an accompanying cover sheet with key information such as date received, receiving line manager name and summary contents (Appendix 1), which should be reviewed at least annually.

How Long to Keep It
Employee records should be stored only as long as necessary, so conducting regular audits of employee files and understanding how long you should keep records is key to keeping your employees happy and productive. UK laws such as GDPR and DPA 2018 dictate this: personal data may only be stored for as long as necessary, so make sure you do not store outdated or irrelevant information.

Documents have different retention periods; those related to pay, tax and national insurance must be held for three years by law, while records pertaining to working time may only need to be kept for two.

Once an employee has left your organization, it is wise to review whether specific information remains necessary and delete any unneeded records (including emergency contact numbers) from your system. If you require further guidance in managing their files, reach out to DavidsonMorris’ team of expert employment law and global mobility lawyers for advice.
