Javascript is required
logo-dastralogo-dastra

GDPR Data processing modelBusiness Expense Tracking and Reimbursement Management

PrivateHuman resourcesPublicMost common processing activities
Processing of employee personal and financial data for the purpose of recording, verifying, and reimbursing business expenses in line with contractual obligations and tax/accounting requirements. Employers are required to maintain accurate expense and payroll records under: - Employment Rights Act 1996 (payment of wages and expense entitlements). - Income Tax (PAYE) Regulations 2003 and Corporation Tax Act 2009 (tax treatment of expenses).

Purposes (2)

A purpose is the objective pursued by the setting up of your file. It indicates what the processing of personal data will be used for, its purpose. This purpose must be clear and understandable

1
Expense tracking and management
Legitimate interest
Art. 6(1)(f)UK GDPR - legitimate interests (monitoring and audit of expenses).
2
Reimbursement of business expenses
Contract
Art. 6(1)(b) UK GDPR - contract (payment of expenses owed to employees).

Data categories (3)

Personal data is any information relating to an identified or identifiable natural person. A natural person can be identified either directly (eg surname and first name) or indirectly (eg phone number, social security number, email or postal address, but also voice or image)

Expense tracking and management

Data details

Justification of expensesrequired
Employee's first and last namerequired
Receiptsrequired

Data conservation rules

Active base:

Active: during processing and reimbursement cycle.

Retention justified under storage limitation (Art. 5(1)(e) UK GDPR) and HMRC rules.

Intermediate archiving:

Intermediate: 6 years (HMRC record-keeping obligations and Limitation Act 1980 for contract/tax claims).

Destruction

Working hours and activity data

Data details

Last name and first name of business bank card holderrequired
Travelrequired
Information about the banking transaction performedrequired
Information about trip characteristicsrequired
Professional Planningrequired
Name and surnamerequired

Data conservation rules

Active base:

Active: duration of employment contract.

Intermediate archiving:

Intermediate: 6 years after termination

Limitation Act 1980

Destruction

Personnel identification data

Data details

Attached unitoptional
Position heldrequired
Internal registration numberoptional
Name and surnamerequired

Data conservation rules

Active base:

Active: duration of employment contract.

Retention justified under storage limitation (Art. 5(1)(e) UK GDPR) and HMRC rules.

Intermediate archiving:

Intermediate: 6 years after termination.

Destruction

Data subject (1)

A data subject is any person whose data is collected, retained or processed by the data processing. e.g. In a recruitement process, any candidate for a position proposed in recruitement management process

  • Employees
Created at:07/08/2023
Updated on:08/01/2025
License: © Creative commons :
Attribution / Pas d'utilisation commerciale
CC-BY-NC AttributionPas d'utilisation commerciale
Nb using:19

Access the full processing template

Try Dastra now to access all of our data processing templates that you can customize for your organization.It's free and there's no obligation for the first 30 days (no credit card required)

Add to my data processings record
Subscribe to our newsletter

We'll send you occasional emails to keep you informed about our latest news and updates to our solution

* You can unsubscribe at any time using the link provided in each newsletter.