Retaining personal information

I was trying to find the key stakeholders under GDPR. GDPR doesn't set a timeline on how long you must retain personal information of an employee, but what if we want to hold some of their information for auditing purposes, will this be allowed?

GDPR does not set any timeline about data retention because the needs may vary according to the kind of personal data are processed. You need to remember that any personal data must be processed under the principles listed in article 5 GDPR (data minimization, in particular). In some cases, Member States’ legislation may set obligation to keep documentation (i.e. bookkeeping records), so you need to verify first if any internal regulation requires you to retain your employees' personal data for a certain period of time. If you want to process data for auditing purposes you need to specify it in your employees’ privacy notice. 

Here you can find some information:

Who are the key stakeholders in a GDPR compliance project? https://advisera.com/eugdpracademy/blog/2018/09/24/who-are-the-key-stakeholders-in-a-gdpr-compliance-project/How the GDPR could impact your HR department https://advisera.com/eugdpracademy/blog/2018/02/22/how-the-gdpr-could-impact-your-hr-department/Is consent needed? Six legal bases to process data according to GDPR: https://advisera.com/eugdpracademy/knowledgebase/is-consent-needed-six-legal-bases-to-process-data-according-to-gdpr/Contents of the Data Protection Policy according to GDPR: https://advisera.com/eugdpracademy/knowledgebase/contents-of-the-data-protection-policy-according-to-gdpr/

You can also consider enrolling in our free EU GDPR Foundation course: EU GDPR Foundations Course