GDPR requires that a data controller retains any HR-related data for the following periods:
in the UK: For 6 + current year
in Denmark: for 5 years
The retention of data is the data controller’s responsibility. Planday is the data processor and can assist a data controller in exporting any data.
Planday encourages the data controller to export the data in Planday organisations that they manage so that the data controller can be compliant with any privacy regulation, for example, GDPR. If the data controller needs assistance, please contact:
Inside Planday on the Settings page, the admin can delete archived / de-activated employee data after the retention period has passed. The data controller can define this data retention period on the same page.
The data controller has responsibility for any requests to delete data. Planday can assist with written requests from the data controller only and will only proceed with confirmation that the data controller understands the risks and responsibilities associated with deleting HR data before the retention period has passed.
Planday recommends the following best practice: the data controller should make regular backup copies of all their data held within Planday. Backups can be made by downloading data from Planday or running a backup tool/service.