Javascript is required
logo-dastralogo-dastra

GDPR Data processing modelHuman Resources & Personnel Administration

PrivateHuman resourcesMost common processing activities
Processing of employee personal data for HR management, including organisation of work, career development and training, allocation of IT tools and resources, payroll administration, workplace health and safety, and relations with employee representatives.

Purposes (4)

A purpose is the objective pursued by the setting up of your file. It indicates what the processing of personal data will be used for, its purpose. This purpose must be clear and understandable

1
Organising work (diary/projects)
Legitimate interest
Art. 6(1)(f) UK GDPR – legitimate interest in workforce planning.
2
Careers & training
Contract
Art. 6(1)(b) UK GDPR if contractual (training obligations), otherwise Art. 6(1)(f) UK GDPR – legitimate interests
3
Provision of IT tools
Contract
Art. 6(1)(b) – performance of employment contract; Art. 6(1)(f) for IT security.
4
Personnel administration
Legal obligation
Art. 6(1)(c) UK GDPR – legal obligations under employment law; Art. 6(1)(f) UK GDPR for internal management.

Data categories (11)

Personal data is any information relating to an identified or identifiable natural person. A natural person can be identified either directly (eg surname and first name) or indirectly (eg phone number, social security number, email or postal address, but also voice or image)

Employee identification data

Data details

driver's license type

Definition

false

required
Passport numberoptional
Personal contact information

Definition

Personal e-mail address, personal telephone, personal physical address

optional
Professional contact detailsrequired
Nationalityrequired
Date and place of birthrequired
Genderrequired
Photograph

Definition

Photograph including the person's face

optional
Employee's first and last namerequired

Data conservation rules

Active base:

Active during employment

Intermediate archiving:

Archive up to 6 years after termination

Limitation Act 1980

Training & appraisal data

Data details

Diplomasoptional
Certificates and attestationsoptional
Training requests and historyoptional
Appraisalsrequired
Assigned objectivesrequired
Evaluator Identity

Definition

false

required

Data conservation rules

Active base:

Active for appraisal cycle (2–3 years);

Intermediate archiving:

intermediate up to 6 years post-employment for claims defence.

Equipment/IT allocation logs

Data details

Organigramsrequired
Intranet internal administrative formrequired
Individual email accountrequired
Connection datarequired
budget allocationrequired
Date of maintenance and removalrequired
Date of endowmentrequired
Nature of endowmentrequired
Equipment request managementrequired
Task distributionrequired
Object and people present at appointmentsrequired
Dates, places and times of business meetingsrequired
Professional contact detailsrequired
Functionsrequired
Photograph

Definition

Photograph including the person's face

optional
Employee's first and last namerequired
Trainingrequired

Data conservation rules

Active base:

Active during use

Destruction

Employee representative & union data

Data details

Minutesrequired
Reportsrequired
Preparatory documentsrequired

Data conservation rules

Active base:

Duration necessary to accomplish the purpose

Employee appraisal data

Data details

Career development forecastsrequired
Comments and wishes expressed by the employeerequired
Appraisal results

Definition

Assessment of professional skills on the basis of objective criteria with a direct and necessary link to the job held

required
Objectives assignedrequired
Skills assessmentsrequired
Evaluator Identity

Definition

false

required
Interview datesrequired

Data conservation rules

Active base:

Active database: for the duration of appraisal cycles (typically 2–3 years).

Intermediate archiving:

Intermediate archive: up to 6 years after employment termination

To cover claims under the Limitation Act 1980, e.g. discrimination or unfair dismissal

Destruction

Employee employment status data

Data details

Recognition of the status of disabled workerrequired
Disability rate

Definition

Article 9-2-b) of the GDPR

required
Nature of employment contract

Definition

false

required
Accounting Sectionrequired
Hierarchical coefficientrequired
Job heldrequired
Seniorityrequired
Company entry date

Definition

false

required
Internal identification numberrequired
Workplacerequired

Data conservation rules

Active base:

duration of employment relationship

Intermediate archiving:

5 years after the end of the employment contract

Health & accident/illness data

Data details

Work not resumed to date

Definition

false

required
Reason for the absence (work-related accident or occupational illness)required
Resumption date

Definition

false

required
date of last day worked

Definition

false

required
date of accident or first medical determination of illness

Definition

false

requiredsensitive data
Occupational physician contact details

Definition

false

required

Data conservation rules

Active base:

Retain for statutory health & safety periods (at least 3 years after incident; longer if linked to potential claims).

Social activities set up by the employer

Data details

Benefits and services requested and providedrequired
Incomerequired
Identity of the employee and his/her assigns or beneficiariesrequired

Data conservation rules

Active base:

Duration necessary to accomplish the purpose

Employee career management

Data details

Disciplinary sanctions excluding those resulting from amnestied actsrequired
Employee's employment desiresrequired
Career simulationrequired
Purpose and reason for changes in the employee's employment statusrequired
Daterequired
Date and terms of recruitmentrequired

Data conservation rules

Active base:

The data necessary for personnel management are kept, in principle, for the duration of the employment relationship, unless otherwise provided by law or regulation.

Intermediate archiving:

5 years after the employee leaves the organization

Special hardship entitlements (leave/delegation)

Data details

Operational reserve participationoptional
Data relating to the exercise of an elective or representative trade union mandateoptionalsensitive data

Data conservation rules

Active base:

Active for the period of entitlement

Intermediate archiving:

Intermediate: 6 years post-entitlement (covering claims periods).

Destruction

Payroll data

Data details

National Insurance numberrequiredsensitive data
Real Time Information (RTI) submissionsrequired
Business expensesrequired
Leave and absences giving rise to deductible or compensable deductions, as well as any deductions legally made by the employerrequired
Factors determining the award of additional remuneration

Definition

false

required
Number assigned by social organisationsrequired
Amountsrequired

Data conservation rules

Active base:

6 years after end of tax year

Companies Act 2006 & HMRC requirements: HMRC guidance

Data subject (1)

A data subject is any person whose data is collected, retained or processed by the data processing. e.g. In a recruitement process, any candidate for a position proposed in recruitement management process

  • Employees
Created at:07/08/2023
Updated on:08/01/2025
License: © Creative commons :
Attribution / Pas d'utilisation commerciale
CC-BY-NC AttributionPas d'utilisation commerciale
Nb using:10

Access the full processing template

Try Dastra now to access all of our data processing templates that you can customize for your organization.It's free and there's no obligation for the first 30 days (no credit card required)

Add to my data processings record
Subscribe to our newsletter

We'll send you occasional emails to keep you informed about our latest news and updates to our solution

* You can unsubscribe at any time using the link provided in each newsletter.