K
KornerIQ
Small Business OS
Start free →
Organised employee records and compliance files in a UK business

Right-to-Work Record Keeping: What UK Employers Must Store (2026)

UK employers must keep right-to-work check records for the duration of employment plus two years. This guide covers exactly what to store, how long to keep it, and what counts as compliant evidence.

K
KornerIQ Compliance Team
·5 min read·Updated 2026-06-22✓ Reflects UK law 2026

You must keep a copy of every right-to-work check you conduct for the duration of the worker's employment and for two years after it ends. The record must be stored securely, be reproducible on request, and include enough detail to demonstrate that a compliant check was carried out. Failure to produce records is treated the same as never having conducted the check at all.

What records must you keep?

The Home Office requires you to retain evidence of every right-to-work check. What constitutes valid evidence depends on how the check was conducted:

For online share code checks (most common)

Take a screenshot of the result page from gov.uk/view-right-to-work. The screenshot must clearly show:

  • The worker's name
  • The worker's photograph
  • The date the check was conducted
  • Whether the worker has the right to work in the UK
  • Any conditions or expiry date on their right to work

Save the screenshot as a file (PDF or image) and store it against the employee's record. The date stamp visible on the result page is your proof of when the check was done.

For physical document checks (British/Irish passports, birth certificates)

Make a clear copy of the original document. For a passport, copy the photo page. For a birth certificate with a National Insurance number, copy both documents together.

The copy must be:

  • Legible — you must be able to read the document type, name, expiry date and photograph
  • Unedited — do not crop, annotate or alter the copy
  • Dated — note on the copy (or in your records) when the check was conducted

Acceptable copy formats include: printed copies, scanned PDFs, or clear photographs of the document.

How long must records be kept?

| Period | When it applies | |---|---| | Duration of employment | While the worker is employed | | Plus 2 years after employment ends | After the worker leaves |

This means if a worker leaves after 3 years with you, you must retain their right-to-work records for 5 years in total from the date of the initial check.

The two-year post-employment retention period ensures records are available for any Home Office investigation or civil penalty dispute that arises after the working relationship ends.

Where should records be stored?

The Home Office does not mandate a specific storage format — paper files, shared drives, HR software, and dedicated compliance tools are all acceptable — but your storage method must:

  • Allow records to be retrieved promptly if requested by the Home Office
  • Be secure against unauthorised access (employee records are personal data under UK GDPR)
  • Allow records to be produced in a legible format

Paper vs digital

| Storage method | Pros | Cons | |---|---|---| | Paper file per employee | Simple, no software needed | Easy to lose, hard to search, takes physical space | | Shared drive / cloud storage | Accessible remotely | No built-in expiry alerts, easy to miss follow-up dates | | Dedicated HR/compliance software | Expiry alerts, audit trail, GDPR-ready | Monthly subscription cost |

For most small businesses with more than a handful of staff, a digital system is significantly safer than paper — not because the Home Office requires it, but because paper systems have no built-in reminder capability for List B follow-up checks.

What records to keep for follow-up checks

When a worker's right to work is time-limited, you must conduct a follow-up check before their permission expires. You must keep a separate record of every follow-up check, in addition to the original.

Each follow-up check record must show:

  • The new check date
  • The new expiry date (if still time-limited)
  • The result — confirmed or not confirmed

Keep a complete chronological trail of all checks conducted for each employee.

Records and GDPR

Right-to-work records are personal data and must be handled in compliance with the UK GDPR. This means:

Storage limitation — do not keep records longer than necessary. After the two-year post-employment window, delete the records.

Access control — right-to-work records should be accessible only to those who need them (HR, management) — not to all staff.

Data breach obligations — if right-to-work records are lost, stolen or accessed without authorisation, this is a personal data breach. Depending on the severity, you may need to notify the ICO within 72 hours.

Right to erasure — if a worker requests erasure of their data, right-to-work records may be exempt from erasure obligations under the "legal obligation" basis — since you are required by law to retain them for two years post-employment.

What happens if you cannot produce records?

If the Home Office investigates and you cannot produce right-to-work check records for a worker, it is treated as if no check was ever conducted. This means:

  • Your statutory excuse is void for that worker
  • You are fully liable for the civil penalty of up to £60,000
  • The absence of records is not a mitigating factor — it is treated as evidence of non-compliance

This is why storage and retrieval are just as important as conducting the check itself.

Frequently asked questions

Can I store right-to-work records digitally? Yes. Digital storage is fully acceptable. A PDF copy of a share code result screenshot or a scanned document copy stored in a secure HR system satisfies the requirement.

Does the employee get a copy of their right-to-work check record? You are not required to give the employee a copy. The record is for your compliance files. However, if an employee makes a subject access request under UK GDPR, they are entitled to see personal data held about them — which would include their check records.

What if a worker provides a false document? If you conduct a compliant check in good faith and the document later proves to be false, you may still have a statutory excuse — provided the document appeared genuine and you followed correct checking procedures. The key is that the check must have been conducted and recorded properly.

Can I keep right-to-work records on my phone? Technically yes, but it is not recommended. Phone storage is difficult to control, easy to lose, and hard to retrieve for inspections. A dedicated system (even a password-protected shared folder) is more reliable.

Do I need to keep records for contractors and freelancers? The right-to-work duty applies to employees and workers. It does not typically apply to self-employed contractors — but this depends on the legal employment status of the individual. If in doubt, treat the person as a worker and conduct a check.

KornerIQ stores a complete, timestamped record of every right-to-work check against each employee's profile. Records include the check date, outcome and any expiry dates — and remain in the system for the full retention period. Automatic deletion reminders when the two-year post-employment window expires help you stay GDPR-compliant without manual tracking.

Ready to automate your compliance?

14-day free trial · No credit card required · Setup in under 10 minutes

Start your free trial →