GDPR and Data Management

Data Deletion and The Right To Be Forgotten

To use this feature you must have the Data Controller role.

All user types, clients, providers and placements can be deleted from within RSM InTime. At the same time, you can choose to delete related entities such as timesheets, expenses, invoices, financial transactions (e.g. ERNI data in the margin report), audit log entries etc. This tool can be used to process "Right to be forgotten" requests under GDPR.

Before use, you should consider your own data retention requirements and any applicable legislation in the duristictions in which you operate. For example, in the UK, accounting records must be kept for six years from the end of the financial year to which they relate. You may decide that timesheet, placement and worker data forms part of these accounting records and decide to retain this information within RSM InTime. RSM InTime does not validate your data deletion requests and, as such, you should ensure you have undertaken adequate checks prior to deletion.

Deleting an entity

This example will show how a worker can be deleted from RSM InTime. The process can also be followed for all the other entities within the Profiles, except clients and providers. To be able to delete clients and providers you will need to go directly to the recycle bin in the system configuration cog, in the general section. 

Find the user you wish to delete and select Edit from the actions column.

You will be taken to the worker edit screen. From the actions button, select Delete.

You will be taken to the deletion screen:

Permanently Delete Immediately - If ticked, the worker and assoicated items (if ticked) will be deleted from the database immediately. IF YOU SELECT THIS OPTION, THE DATA CANNOT BE RETRIEVED.

Permanent Deletion Date - If set, the worker and associated items (if ticked), will be scheduled for permanent deletion on the specified date. IF YOU SELECT THIS OPTION, THE DATA CANNOT BE RETRIEVED.

Comment - A free text comment field for detailing why the entity was deleted.

Associated items to also be deleted - if ticked, these items will also be deleted along with the worker. If not ticked, the worker on those items will be replaced by a dummy worker with empty details. You must consider your own regulatory data retention requirements prior to deleting items. For instance, you may be required to keep invoice details for several years. If you retain these details outside of RSM InTime, you could delete invoices along with the user. However, if your sole record of the invoices is within RSM InTime, you may be required to keep them.

It is also worth noting that some details will always be taken from the worker. For example, the worker's VAT Registration Number is stored on the worker record and displayed on the invoice. If you don't delete the purchase invoices, and you don't keep financial records outside of RSM InTime, you may want to keep the worker record, otherwise the details on the purchase invoices will reflect those on the dummy worker. In these cases, you may wish to redact the worker's sensitive personal information


Once you have completed the form, click the Delete button. In the example above the Permanently Delete Immediately option has not been ticked. All the associated items have been ticked. You will be taken to the recycle bin where you can view deleted items that have not yet been permanently deleted.

At this point, the worker and any associated items ticked will be removed from all searches. At this point, you can still restore the data. To do this, from the actions menu, click Restore. To view the related items that will also be deleted click the View button in the Related Deletions column. To permanently delete the worker, click the Permanently Delete option in the actions button.

NOTE: Any associated items that were not ticked will still be searchable/viewable within RSM InTime and will retain the original details of the worker. These details will not be removed until the worker is permanently deleted from the database. For example, if you decided not to delete the worker's timesheets, you wouldn't be able to search for the worker, but a generic timesheet search would return those timesheets including the worker's details. Once permanently deleted, a generic search would return those timesheets and would have the redacted details of the dummy worker.

Recycle Bin - If you want to get back to items you have put in the Recycle Bin you can do this under the System Configuration (Cog Top right) → Recycle Bin menu, which is located under the GENERAL section.

Subject Access Requests

To use this feature you must have the Data Controller role.

Subject Access Requests can be undertaken for each of the user types within RSM InTime. Find the user you wish to process a Subject Access Request for and select Subject Access Request from the actions menu. This will download a spreadsheet containing all data related to a specific user. If you attach documents to timesheets, expenses, invoices or contract documents that contain personal data and you deem these to be within the scope of the subject access request, you will need to manually download each of these manually from within RSM InTime.