GDPR Digital Personnel File: 5 Obligations and Retention
TL;DR
- Need-to-know access: Line managers see only their direct reports; HR sees all; management on demand; mandatory audit log
- Retention: Payroll records 6 years (Section 41 EStG, German Income Tax Act); tax documents 10 years (Section 147 AO, Fiscal Code); applicant data 6 months
- Mandatory deletion after retention expires; automated deletion processes required
- Data subject access (Art. 15): Reply within one month with PDF covering all data categories
- Health data is special category under Art. 9 GDPR — restrict access to HR and occupational physician
1. Access Concept (Need-to-Know)
Line managers should see only their own team members; HR sees the full file; executive management only on demand. Implement role-based access in the HR system (Personio, Workday, SAP SuccessFactors) and enable an audit log that records every read and edit.
2. Retention Periods
Payroll documents: 6 years (Section 41 EStG, German Income Tax Act). Tax-relevant documents: 10 years (Section 147 AO, German Fiscal Code). Applicant records: 6 months after rejection (BAG 2 AZR 1180/16, AGG limitation period). Files of active employees are retained for the duration of employment and for 10 years thereafter to cover civil-law claims.
3. Mandatory Deletion After Expiry
Implement automated deletion routines tied to the retention matrix. Where deletion conflicts with an active employment relationship or a pending dispute, retain the record until that trigger ends, then delete it. Document every deletion with a timestamp and its legal ground.
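The deletion routine described above, as an added example that is not code from the page or from any HR system: a retention matrix in months built from the figures in section 2, a legal-hold flag for an active employment relationship or pending dispute, and a deletion log that records timestamp and ground. Record ids, dates and category names are constructed; which event starts each clock (rejection date, end of employment, and so on) is supplied by the caller, since the statute, not this code, defines it.

```python
from dataclasses import dataclass
from datetime import date

# Retention matrix in months plus the ground to record on deletion (figures from the page).
RETENTION_MONTHS = {
    "payroll": (6 * 12, "Section 41 EStG"),
    "tax": (10 * 12, "Section 147 AO"),
    "applicant": (6, "AGG limitation period (BAG 2 AZR 1180/16)"),
    "personnel_file": (10 * 12, "civil-law claims after end of employment"),
}

@dataclass
class Record:
    record_id: str
    category: str
    trigger_date: date        # event that starts the clock, supplied by HR
    legal_hold: bool = False  # active employment or pending dispute: deletion suspended

def add_months(d: date, months: int) -> date:
    """Calendar-accurate month arithmetic. An invalid day (e.g. 31 Feb) rolls forward
    to the 1st of the following month so a retention period is never shortened."""
    y, m = divmod(d.month - 1 + months, 12)
    try:
        return date(d.year + y, m + 1, d.day)
    except ValueError:
        y2, m2 = divmod(m + 1, 12)
        return date(d.year + y + y2, m2 + 1, 1)

def deletion_due(rec: Record) -> date:
    months, _ = RETENTION_MONTHS[rec.category]
    return add_months(rec.trigger_date, months)

def run_deletion(records, today: date):
    """Return (deletion_log, retained). Every log entry carries timestamp and ground;
    records on legal hold are kept even when their period has already expired."""
    deleted, retained = [], []
    for rec in records:
        due, (_, ground) = deletion_due(rec), RETENTION_MONTHS[rec.category]
        if rec.legal_hold:
            retained.append((rec.record_id, "legal hold, re-check when it is lifted"))
        elif today < due:
            retained.append((rec.record_id, f"retention runs until {due.isoformat()}"))
        else:
            deleted.append({"record_id": rec.record_id, "deleted_on": today.isoformat(),
                            "ground": f"retention expired ({ground}), due {due.isoformat()}"})
    return deleted, retained

AS_OF = date(2026, 5, 2)  # constructed run date
SAMPLE = [  # constructed sample data, not real personnel records
    Record("pay-2019", "payroll", date(2019, 12, 31)),    # due 2025-12-31
    Record("tax-2019", "tax", date(2019, 12, 31)),        # due 2029-12-31
    Record("appl-0042", "applicant", date(2025, 8, 31)),  # due 2026-03-01 (31 Feb rolls forward)
    Record("file-0007", "personnel_file", date(2015, 6, 30), legal_hold=True),  # dispute pending
]
```

Running `run_deletion(SAMPLE, AS_OF)` deletes pay-2019 and appl-0042 and keeps tax-2019 (period still running) and file-0007 (legal hold), with the ground written into each log entry.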
4. Data Subject Access Procedure (Art. 15 GDPR)
An employee request triggers a one-month response deadline. Provide a PDF covering all data categories: master data, contract data, payroll, performance reviews, training records, communications log. Free of charge for the first request per year.
5. Data Portability (Art. 20) for Employees and Applicants
Provide a machine-readable export (CSV or JSON) on request. This right is rarely invoked in practice, but it is mandatory. Document the export workflow so HR can deliver within the one-month deadline.
Summary
The digital personnel file is one of the highest-risk GDPR processing activities in any SME — high data volume, special categories (illness data), and strong employee rights. The safe baseline: role-based access with audit log, retention matrix tied to tax and labor law, automated deletion, documented Art. 15/20 workflows, and a Data Processing Agreement (DPA) with every HR software provider.
Frequently Asked Questions
Who is liable in case of a data breach?
Particularly sensitive data?
Sources
- Regulation (EU) 2016/679 — GDPR (consolidated) (as of: 2026-05-02)
- German Federal Data Protection Act (BDSG) (as of: ongoing)
- Section 147 AO — Fiscal Code retention periods (as of: ongoing)