Skip to main content

Find the answers you need

Create and manage data retention policies

This article explains how to create and manage data retention policies for documents in Personio. Data retention policies let Administrators set rules for when documents must be reviewed for deletion. Personio applies these rules based on the time passed since a key event, like a document’s creation date or an employee’s termination date.

Personio checks all stored documents automatically. When documents match a policy, Personio flags them for review and sends Administrators an Inbox notification. Administrators can then open a list of flagged documents and choose to delete or keep each one.

Data retention policies can help your organization manage sensitive HR data and support compliance with GDPR and other requirements. Personio also keeps logs of deletions to support audits. 

Before you start

  • Permissions: You must be a Personio Administrator to create, edit, run, or review data retention policies. If you don't have this role, ask your Administrator for support.
  • Requirements: 
    • Data retention policies only apply to documents in Personio.
    • You can set retention rules based on:
      • Document creation date
      • Employee termination date
    • You can exclude specific employees from a single policy or all policies if needed.
    • When you create and run a retention policy, Personio checks all documents, including ones added before the policy existed. If any documents have already passed the time limit, Personio flags them for review. 
    • Once you run a policy, Personio continues to run it automatically every 28 days. Admins can also run a policy manually at any time, outside the 28-day cycle.
    • Personio does not delete documents automatically. It notifies Admins when documents are ready for review, and Admins choose what to delete. 
    • You can only edit a policy when it's status is Draft or Ready to run. If the policy has any other status, you need to complete the review or skip the execution before you can edit it. 

Create a data retention policy

To create a data retention policy that identifies documents eligible for deletion, follow these steps:

  1. Go to Settings.
  2. In the Data Governance section, click Data retention.
  3. In the Policies tab, click Create.
  4. Enter a name and optional description.
  5. Choose the document category this policy should cover. 
  6. Enter how long to keep documents in days, months, or years.
  7. Choose when the retention period starts:
    • Document creation date
    • Employee termination date 
  8. Optional: Add multiple rules to include more than one document category or trigger in the policy.
  9. Click Next to select the people the policy applies to: 
    • Click + Add rule to include a group of users based on conditions. For example, all employees in the London office with an HR Manager role.
    • Select individual people from the dropdown. Personio always includes these people, in addition to anyone included by rules and conditions. 
  10. Optional: To exclude specific people from the policy, go to the Exclude people tab and select them from the dropdown. 
  11. Check the Preview panel to confirm the people included. 
  12. Choose to Save as draft or Save and run

When you save and run a policy, Personio activates it right away and runs it every 28 days. 

Edit a data retention policy

To change a data retention policy’s name, description, rules, or who it applies to, edit the policy. Follow these steps:

  1. Go to Settings
  2. In the Data Governance section, click Data retention
  3. In the Policies tab, select the policy you want to edit. 
  4. Confirm the status is Draft or Ready to run. 
    • If not, finish the review and deletion steps or skip the execution.
  5. Click the three dots icon > Edit policy.
  6. Make the necessary changes.
  7. Choose to Save as draft or Save and run

Create exemptions for a data retention policy

To protect someone's documents from deletion, add exemptions to data retention policies. You can exempt a person from:

  • One specific data retention policy
    OR
  • All data retention policies (a global exemption)

You can only set exemptions on an individual basis, not for groups based on conditions.

Exclude people from a specific data retention policy

To exclude someone’s documents from a specific data retention policy, follow these steps:

  1. Go to Settings
  2. In the Data Governance section, click Data retention
  3. Select the policy you want to exempt someone from.
  4. Click the three dots icon > Edit policy.
  5. Click Next then click the Exclude people tab.
  6. Select the users you want to exempt from the policy.
  7. Save and run the policy or Save it as a draft. 

Exclude people from all data retention policies

You can create a global exemption to exclude someone’s documents from all existing data retention policies. You can only add, edit, or delete global exemptions when all existing policies have a Draft or Ready to run status. To create an exemption, follow these steps:

  1. Go to Settings
  2. In the Data Governance section, click Data retention
  3. In the Policies tab, confirm all policies have a Draft or Ready to run status. 
    • For any other status, finish deleting the documents or skip the execution.
  4. Click the Exemptions tab then Add
  5. Select the person to exempt from the dropdown and enter a reason. Click Add.

Remove someone’s exemption from data retention policies

When you remove someone’s exemption, Personio applies your retention policies to that person’s documents again. To remove an exemption, follow these steps:

  1. Go to Settings
  2. In the Data Governance section, click Data retention
  3. Click the Exemptions tab then select the relevant person from the list.
  4. Click Remove and confirm their deletion from the exemption.

Pause a data retention policy

To stop a policy from running every 28 days, save it as a draft. Follow these steps:

  1. Go to Settings
  2. In the Data Governance section, click Data retention
  3. Select the policy you want to pause.
  4. Confirm the policy status is Ready to run. 
    • If not, finish deleting the documents or skip the execution.
  5. Click the three dots icon > Edit policy.
  6. Click Save as draft.

Personio pauses the 28-day run schedule. You can reactivate the policy whenever you're ready for it to resume. 

Reactivate a data retention policy

  1. Go to Settings
  2. In the Data Governance section, click Data retention
  3. Select the policy you want to reactivate. 
  4. Review the details, then click Next
  5. Click Save and run.

Personio runs the policy right away and continues to run it every 28 days.

Frequently asked questions

Can I exclude rehires or employees with dual profiles?
You can't exclude people from data retention policies using rules. Instead, exclude them individually (as exemptions) or exclude them at the policy level. Find out more about exemptions

Can I add exemptions based on rules rather than individual names?
No, you can only add exemptions for individual employees. 

Do I have to delete everything the policy identifies?
No. Personio only flags documents for review. You choose what to delete and confirm it. If you keep a document, Personio shows it again the next time the policy runs.

Can I edit a policy after it has run?
Yes, but only after the run is finished. You must complete the review or skip the execution first. 
The activity log doesn’t save the policy settings that were used at the time of deletion. If you need a clear audit trail, create a new policy instead of editing an existing one.

Can I pause a scheduled policy?
Not directly. While a policy is running, you can’t change it or turn it off. To pause the 28-day schedule, complete the review or skip the execution, then edit the policy and save it as a draft. You can turn it back on when you’re ready.
 

Help us improve. Is this page helpful?