General Data Protection Regulations GDPR. Downloading and anonymising employee data.

As part of GDPR we have added some new features to help with compliance.  These specifically address subject access requests, where individuals have the "right to access" their personal data and "right to erasure" also known as "right to be forgotten", where the individual can request their personal data be erased. 

Downloading employee data 

At any time during the employee's employment or thereafter, the employee has the right to request a copy of all data pertaining to the employee and held by the employer. To facilitate this request, the employer can download employee data for both active and terminated employees.

To do this, access the employee's file and click on the "Terminate" or "Re-Activate Employee" dropdown button (depending on the employee's employment status) to access the 'download employee data' option. The following employee data will be downloaded (where applicable) in a zip file:

  • An excel spreadsheet containing personal employee details such as name, date of birth, start date, address, contact numbers, emergency contact details, bank accounts, tax and NI details, pension contribution plans, pay run defaults, pay run inclusions, qualifications, timesheets, leave requests, expense requests and rostered shifts;
  • Documents, separated in sub-folders, attached to the following:
    • Qualifications;
    • Leave requests;
    • Timesheets; and
    • Expense requests.
  • Other employee documents (but not business documents);
  • Photos captured using Clock Me In or WorkZone when clocking in/out;
  • Employee profile picture;
  • Payslips;
  • HMRC documents e.g. P60s, P45s.

You can utilise the download data functionality at any time during the employee's employment cycle and it can be used more than once. 

Anonymising employee data

The introduction of GDPR brings about an entitlement for EU individuals to request their personal data be erased. This entitlement is also known as "the right to be forgotten". Additionally, an important note to make is that UK employers are required to retain all employment related records for up to 3 years plus the current tax year.  As such, after the 3 year period has elapsed and only once that period has elapsed, an employee has the “right to be forgotten”. 

As deleting employee information will impact pay run information and reporting, we do not completely erase employee data. Rather, what anonymising employee data will result in is: 

  • Anonymising any personally identifiable information to make it impossible to identify the employee; and
  • Deleting non-core payroll data that, once anonymised, cannot be retrieved thereafter.

The anonymising employee functionality is only available for terminated employees. To commence this process, access the employee file and click on the "Re-Activate Employee" dropdown button. You will be directed to the following warning modal dialog:


In order to proceed with anonymise the employee data, you must enter "continue" in the text box and then click on "Anonymise". Please note: once this action is undertaken, it cannot be reversed and employee data cannot be restored. As such, we strongly recommend exercising extreme caution and only performing this action in legitimate circumstances. 

Upon clicking the “Anonymise” button, the following actions will occur: 

  • Employee name will be encrypted using one way encryption. An example of what the employee's name will now be displayed as is as follows: Screen_Shot_2019-09-18_at_1.39.24_pm.png 
  • Employee title, preferred name middle name, previous surname, date of birth, residential address, postal address, email, phone numbers and external ID will be deleted.
  • Emergency contact details will be deleted.
  • Employee's National Insurance number will be set to unknown.
  • Job title will be deleted.
  • Bank account numbers will be displayed as 1s. Bank account name will be one way encrypted. 
  • Qualifications and their associated documents will be deleted.
  • Employee documents unique to that employee (ie not business documents) will be deleted.
  • Any photos captured from clocking activities (through WorkZone and/or Clock Me In) as well as the employee's profile image will be deleted.
  • Timesheet notes (generated from Clock Me In) will be deleted.
  • Employee portal access for the employee will be revoked.
  • All audit events pertaining to the employee will be deleted. This relates to audit events  generated using the Employee Details Audit Report. The report will, however, display events for deleted documents and revoking employee portal access and the user listed in the "change made by" column will be the user who anonymised the employee data. 


If you have any questions or feedback please let us know via 







Was this article helpful?
0 out of 0 found this helpful



Article is closed for comments.