Legislative Framework for Record Retention Requirements
As most HR professionals know, document retention for employee-related records—such as personnel files, payroll information, benefits records, and background checks—is a particularly complicated process, required by law, with variations from country to country. Complicating the process further, each document in each country has its own individual retention requirements, and the financial penalties for noncompliance can be significant. A carefully designed and implemented HR record retention policy is a necessary step to support an employer’s robust compliance program.
While disposing of too many records can increase a company's legal exposure, disposing of too few records may also increase legal exposure as well as the cost of storage. Employers must identify which records should be retained, how long records should be retained and the different formats in which records may be stored. Employers must also determine how to ensure internal HR record retention policies comply with all applicable regulations and local laws.
General Recordkeeping Requirements
Keeping HR records through a robust document retention policy may be useful to employers for various reasons, including (a) maintaining the corporate memory of the company; (b) satisfying legal or regulatory requirements; (c) preserving documents with an enduring business value to the company; and (d) protecting the company against the risks of litigation and the need to preserve evidence and comply with disclosure obligations as necessary.
However, a balance must often be struck between keeping documents for a sufficiently long period of time, so as to meet an employer’s legitimate business objectives, and not keeping those documents unnecessarily, which could give rise to a breach of data protection laws or otherwise create unnecessary risk.
In Austria, a number of HR-related records must be maintained for a minimum of seven years (accounting-related records, documents relevant for book-keeping and fiscal purposes as well as all business letters, contracts and business communications).
Note that employees are entitled to employment certificates (a document attesting that an individual was employed with the company and contains the duration of employment as well as job responsibilities) for thirty years after the end of employment. In order to preserve this information, it is advisable to keep a copy of an issued or pre-fabricated employment certificate for 30 years.
Most countries have minimum and maximum retention periods for certain HR records. Even if there is no statutory minimum retention period for a certain category of records in a particular country, it is often recommended to retain records until the expiration of the relevant time limits for bringing legal actions or regulatory investigations (statutes of limitations).
In addition to maintaining minimum retention periods, some countries also have maximum retention periods. A record’s survival must often be limited so as to safeguard the privacy of persons whose personal data is contained in that record. In particular, records must be kept for no longer than is necessary for achieving the purposes for which the records were collected or subsequently used. After the maximum retention periods have expired, the documents should be either permanently deleted or anonymized (i.e., all references to data subjects should be redacted so that it is no longer possible to identify those persons).
Under the European General Data Protection Regulation (GDPR), Human Resources departments have an obligation to limit storing personal employee and applicant data. One way to demonstrate this is by having a clear and well documented retention policy that limits retention periods to what is legally or contractually required.
Format of Records
Multiple laws, decisions, and even everyday life practices apply when assessing the retention period of a document. There is no requirement in Austria to retain corporate records on the company premises. Additionally, there is no obligation to retain specific records within Austria, although all data stored outside of the country must continue to meet GDPR requirements. HR-related documents can be stored electronically in the Cloud and/or in paper form.