For those of you who are still deep in GDPR, the ICO issued some guidance last week on one of the lawful reasons for processing data legitimate interest.
As you may already know, GDPR will require that organisations can demonstrate compliance with the data protection principles and at least one lawful basis for processing the data, of which there are 6. Many organisation will choose to rely on the legal basis or consent, that said legitimate interest can be a flexible alternative. This may be useful to share with your marketing colleageues.
Enjoy!
Sarah
Replies
Hi Sarah and anyone else who may be able to offer advice,
GDPR - not my favourite subject at the moment given how much addtional work its creating within our business.
Well my main concern really is justifying keeping some employee information, such as flexible working requests from over a year ago, whether approved or not. I have asked on another well known forum and it was suggested that I keep these for around 3 years after the employee has left however I cannot see of what use and legitimate reason I would have for keeping these after 12 months following the request - and only that because of the limit of one request per 12 months.
Do you have any thoughts, the cipd retention period information isn't too helpful when you drill down to the specific pieces of information we in HR gather over time. Historically we've pretty much kept everything for 6 years after an employee has left but our in house legal is asking for each piece of info to be justified either with legal requirements or a legitimate reason.
I know employees have up to 6 years for a contractual claim however I can't see that information such as a flexible working request would to be kept for that amount of time.
Other pieces of information such as an employment reference for a new starter is clearer cut and we'll now delete after successful completion of their probation period but cannot justify why we'd keep that longer as it has no further purpose.
I wonder if anyone else is having the headache of having to change their retention and deletion process / policy and it is going to cause a lot more work.
Any comments gratefully received :)
Clare