Keeping information about your PAs safe

Personal Assistant (PA) employers must comply with the law around keeping information about their PAs safe.

The law around data protection is called GDPR – The General Data Protection Regulation, and it came into force in 2018.

What is GDPR?

The General Data Protection Regulation (GDPR) is there to protect the rights of individuals when their personal information is handled and processed.

As a PA Employer, GDPR says you must be open and honest with your PAs about how you use their information, and you must follow good data handling procedures.

All PA Employers that deal with personal data must comply with GDPR. Even if you only employ one PA, you are likely to hold information about them such as their home address and phone number. As an employer you must take steps to make sure you are holding this data safely.

What information can I keep about my PAs?

You must have a good reason for asking for and keeping information about your PAs. The information you may need in order to employ them includes things like:

  • Name
  • Address
  • Date of birth
  • Education and qualifications
  • Work experience
  • National Insurance number
  • Tax code
  • Details of any known disability (but only if you need this, for example you need to make adjustments to their role)
  • Emergency contact details
  • Their employment history with you
  • Employment terms and conditions (e.g. pay, hours of work, holidays, benefits and absence)
  • Any accidents connected with work
  • Any training taken
  • Any disciplinary action.

How should I keep information about my PAs safe?

You need to take steps to make sure that any information you keep about your PAs is safe and cannot be accessed by other people.

For example, if you have your PAs’ contact details written in an address book, think about how you can keep this secure – perhaps in a locked cabinet.

If you keep information about your PAs on a computer or phone, is this password protected?

What should I tell my PAs about the information I have on them?

As an Employer, you should be open and transparent with your PAs about what information you keep on them and how you handle it. You should tell them:

  • What information you kept and how you use it
  • How you keep the information confidential and secure.

Next steps

You can find further information about managing information on employees at the link below. This information has been written for small businesses, but the same guidance applies to you as a PA Employer.

Part of
Last Updated
28 May 2024
First Published
28 March 2022
Was this article helpful?



Please note that the information contained in this Handbook is provided for guidance purposes only. Every reasonable effort is made to make the information accurate and up to date, but no responsibility for its accuracy and correctness, or for any consequences of relying on it, is assumed by Self Directed Support Scotland or any other contributing party.

The information does not, and is not intended to, amount to legal advice. You are strongly advised to obtain specific, personal and professional advice from a lawyer about employment law matters, or an accountant/ tax specialist about taxation matters, and from HMRC and your insurers. You should not rely solely on the information in this Handbook. Support organisations listed in this Handbook can help you find appropriate sources of advice.