A regulator-grade long-term archive for Sage People HR and payroll data — configured per retention regime (UK GDPR 6yr, HMRC 7yr, TPR lifetime+6, FCA SMCR 6yr, HIPAA 6yr+). Right-to-erasure workflow, sensitive-field masking, immutable audit log, sector-specific reports.
Long-term storage of Sage People data is the easy part. Configuring that storage to satisfy specific regulatory retention rules, right-to-erasure obligations, and inspection requirements is what separates a generic archive from a compliance archive.
Most cloud archives are designed for cost-efficient long-term storage — Parquet in object storage, partition by date, query when needed. That solves the storage problem, but it doesn't solve the compliance problem. UK GDPR Article 17 right-to-erasure requires per-request decision logging during the retention window. HMRC payroll inspections expect specific record formats and time ranges. The Pensions Regulator expects auto-enrolment evidence in specific formats. FCA SMCR requires certified-person records retained 6 years post-departure with audit-grade timestamping.
The Syntra Sage People compliance archive is the specifically-configured layer that satisfies these regulatory regimes. Per-data-class retention policies enforced in the query layer. Sensitive-field masking aligned to UK GDPR special category data definitions. Right-to-erasure workflow capturing the legal basis for refusal during retention and the eventual erasure execution. Immutable audit logging of every access, every query, every sensitive-field unmask. Pre-built regulator-specific reports for HMRC, TPR, FCA, ICO inspections.
Same underlying Sage People data archive; specifically-configured compliance layer on top.
Six regime-specific data and evidence classes that together satisfy the compliance requirements your HR data must meet.
Tax code chronology, NI category history, pension and salary sacrifice arrangements, P11D taxable benefits per tax year, P60 year-end summaries, P45 leaver documents, RTI FPS/EPS archive.
Auto-enrolment status and classification history (eligible jobholder / non-eligible jobholder / entitled worker), opt-in/opt-out elections, contribution rates with effective dates, qualifying earnings per period.
Every DSAR logged with request timestamp, identity verification, response content hash, redaction decisions. Right-to-erasure decisions with legal basis and retention exemption rationale.
Certified person records retained 6yr post-departure, SMCR responsibility statement history, fit-and-proper assessments, conduct breach records — all with audit-grade timestamping.
DBS check status and renewal history, professional registration (NMC, GMC, HCPC) with verification evidence, mandatory training completion per CQC and professional body requirements.
DBS / PVG check history, qualified teacher status (QTS) records, subject specialism, mandatory safeguarding training — preserved per DfE / GTCS guidance.
From regulatory scoping to first regulator-inspection-ready archive in production. Typical engagement: 8–12 weeks.
Identify every applicable regulatory regime — UK GDPR/DPA, HMRC, TPR, FCA SMCR if financial services, HIPAA if US healthcare HR, sector-specific (DBS, NMC, etc.). Map retention rules per data class. Sign-off from legal, compliance, HR, payroll.
Extract every in-scope Sage People object — Worker__c, Salary__c, Leave_Request__c, custom objects holding pension/SMCR/safeguarding data. Stage as Parquet, hash-signed, partitioned. Include full history, including terminated workers.
Per-data-class retention policy configured in the query layer. Sensitive-field masking per UK GDPR special category definitions. Right-to-erasure workflow built. Pre-built regulator-specific report templates instantiated.
Immutable audit logging configured (write-once storage). SIEM integration for log streaming. Time-boxed access tier for external regulators. ICO inspection evidence-pack generator deployed.
Sample regulator-style queries run end-to-end (DSAR walkthrough, HMRC inspector workflow, TPR audit query, FCA SMCR record extraction). Sign-off pack issued. Compliance archive enters production retention period.
Six evidence-pack types that satisfy regulator inspections without ad-hoc data engineering.
Every record about a data subject across all Sage People objects, PDF-formatted with optional structured download. Identity verification trail, redaction decisions, response timestamp — ICO inspection-ready.
Pre-formatted P11D summaries per tax year, P60 year-end records, P45 leaver documents, RTI FPS/EPS archive, tax code history per worker — exactly what HMRC inspectors typically request.
Auto-enrolment evidence per pay period, contribution history with effective dates, qualifying earnings calculations, opt-in/opt-out elections — formatted per TPR guidance.
Certified person history retained 6yr+ past departure dates, SMCR responsibility statements, fit-and-proper assessments, conduct breach records — FCA inspection-ready.
Complete employment history, salary chain, performance review records, disciplinary case notes, leave history — preserved with audit-grade timestamps for tribunal evidence.
Every right-to-erasure request logged with legal basis for refusal during retention OR erasure execution after retention. Post-erasure audit log of the erasure event itself.
A Sage People compliance archive is a regulator-grade long-term store of HR and payroll data extracted from Sage People (formerly Fairsail), configured to satisfy specific statutory retention regimes — UK GDPR / Data Protection Act 2018, HMRC payroll requirements (7-year retention), TPR pension regulation, EU GDPR per member state, US FLSA / ADEA, US HIPAA where healthcare HR data is involved, and sector-specific requirements (financial services, government, education). The archive is more than just stored data: it includes signed evidence packs per retention period, immutable audit logs of every access, sensitive-field handling per regulation, right-to-erasure workflows with retention-exemption decision logging, and pre-built regulator-specific reports (P11D summaries, RTI submission archive, equality monitoring data, headcount snapshots).
UK GDPR (and the DPA 2018) Article 17 right-to-erasure applies to personal data the controller no longer has a lawful basis to retain. HR data in a compliance archive is typically retained on a legitimate-interests basis (defence of potential tribunal claims, typically 6 years), legal-obligation basis (HMRC 7-year payroll retention, pension regulation), or both. During the retention period, erasure requests can be lawfully refused — but the controller must inform the data subject of the basis. The Sage People compliance archive captures each erasure request with the legal basis cited for refusal, response sent to data subject, eventual erasure execution after retention expires, and post-erasure audit log of the erasure event itself. ICO inspection-ready evidence trail end-to-end.
HMRC requires UK payroll records to be retained for at least 3 tax years after the tax year they relate to, but in practice 6–7 years is industry standard to cover wider audit and enquiry windows. The Sage People compliance archive retains: tax code chronology per worker with effective dates; National Insurance number and category history; PAYE income and tax deduction per pay period; pension scheme membership and contribution history (employee, employer, salary sacrifice); P11D taxable benefits per tax year (private medical, company car, fuel benefit, etc.); P60 year-end summaries; P45 leaver documents; RTI FPS (Full Payment Submission) and EPS (Employer Payment Summary) archive where Sage People fed an integrated payroll provider. Pre-built reports format these for HMRC inspector access.
The Pensions Regulator (TPR) requires auto-enrolment records to be retained for 6 years; some pension scheme records are typically retained for the lifetime of the worker plus 6 years to support member queries decades after employment ended. The Sage People compliance archive retains: worker auto-enrolment status and history (eligible jobholder / non-eligible jobholder / entitled worker classifications), opt-in and opt-out elections with dates, pension scheme membership history, employer and employee contribution rates with effective dates, salary sacrifice arrangements impacting pensionable pay, qualifying earnings calculations per pay period, and pension scheme provider identifiers. Pre-built reports satisfy standard TPR audit and member-query patterns.
Several. Financial services (FCA SMCR — Senior Managers and Certification Regime): certified person records retained for 6 years post-departure; SMCR responsibility statement history; fit-and-proper assessments; conduct breach records — all preserved with audit-grade timestamps. Government and security clearance: clearance level, expiry, renewal history; vetting records; restricted-access role assignments — preserved per HMG guidance. Healthcare (NHS / private healthcare): DBS check status and renewal history; professional registration (NMC, GMC, HCPC) with verification evidence; mandatory training completion records — preserved per CQC and professional body requirements. Education: safeguarding (DBS / PVG) check history; qualified teacher status (QTS) records; subject specialism — preserved per DfE / GTCS guidance.
Layered access control with mandatory immutable audit logging. Encryption: TLS 1.3 in transit, AES-256 at rest with KMS-managed keys, optional customer-managed key (CMK) integration. Authentication: SSO via SAML 2.0 / OIDC integration with corporate IdP (Azure AD, Okta) for HR/audit users; email-verified magic link for DSAR portal; time-boxed access tokens for external auditors and regulators. Authorisation: role-based tiers with the principle of least privilege; sensitive-field masking by default with explicit unmask permission; query-time business-justification capture for sensitive-field access. Audit: every access logged immutably (write-once storage); logs streamed to corporate SIEM.
Yes — and it's a common use case. When a Sage Group customer divests a business unit or subsidiary, the divested entity typically needs its own discrete HR data archive that the parent no longer holds (data minimisation principle) while the parent retains an archive of the workers who were employees during the parent's tenure. Syntra ETL splits Sage People extracts at extraction time by business unit, legal employer, or operating company — producing two distinct compliance archives, each with its own retention policy, access roles, and audit trail. The split is governed and signed off by both legal and HR before execution; once split, the two archives operate independently per their own compliance regimes.
Varies by data class and regulatory regime, but typical commitments span 6–15 years. UK HR records: 6 years post-termination minimum (GDPR/DPA tribunal claim window), often extended to 7+. UK payroll/HMRC: 6–7 years minimum, with W-2/T4-equivalent year-end forms often retained longer for individual member queries. Pension/TPR: 6 years for auto-enrolment records, lifetime+6 for pension scheme records. US FLSA: 3 years minimum, 7+ for federal contractors. EU GDPR: 5–10 years per member state. Healthcare HIPAA: 6 years minimum, often 10+ for sector-specific reasons. Indefinite retention is configurable for specific record classes (e.g., historical gender pay gap data for trend analysis, professional registration evidence for lifelong member queries).
30-minute call. We'll walk through your regulatory profile (UK GDPR, HMRC, TPR, FCA SMCR, sector-specific), retention requirements per data class, and inspection patterns — and scope an 8–12 week compliance-archive engagement.