Skip to content
Shredall SDS GroupShredall SDS Group
03333 555 100

Total Information Management

Get a FREE Quick Quote
0
Document Retention Policy: Legal Requirements Guide

Document Retention Policy: Legal Requirements Guide

A document retention policy is crucial when managing and protecting important records to avoid any criminal, civil and financial penalties that are mostly caused by bad data management practices.

Although GDPR does not dictate how long you should keep personal data, organisations are encouraged to set their deadlines based on the personal information they hold. The only requirement under the GDPR is that the organisation must document and justify why it has set the time frame it has.

In this guide, we look into the intricacies and legalities of document retention policies, including a table on the specific statutory retention periods for documents, so you can ensure your business is compliant. Use the jump links below to explore this guide:

Shredall SDS Group's secure storage services allow businesses to store their documents off-site until the end of the statutory retention periods, while still having easy access to their documents. Each document can be indexed, giving a complete inventory, which can then be securely shredded at the end of its retention date.

What is a document retention policy?

A document retention policy is a set of internal guidelines created by a business to regulate how sensitive documents should be handled from the moment they’re created, including storage, access, and disposal, through to a specified disposal date.

These policies are crucial for legal compliance, risk management, and operational efficiency. A well-defined policy ensures that important information is available when needed, while preventing the risks and costs associated with retaining unnecessary or outdated documents.

What is a retention period?

A retention period is the required amount of time you should keep your document before securely disposing of it. The minimum retention period depends on the type of document and what the document contains.

While retention policies establish the obligation for legal compliance, it's the specific retention periods within those policies that directly dictate the duration for meeting this business necessity. Avoiding compliance problems hinges on a clear grasp of retention periods. The retention policy facilitates this understanding, making it accessible for all staff in your business.

UK GDPR legislation is one of the key regulations that sets out the specific retention periods for different types of documents. It specifically mandates that data should only be kept for as long as we need it for the reasons we collected it, and therefore, policies are needed to support this.

The importance and benefits of a document retention policy

If your employees are regularly handling sensitive documents and information, it’s important to have a document retention policy in place. 

Auditability

The main reason many companies create a DRP is for clarity in legal and regulatory investigations. Should your company ever be audited or investigated by a body like HMRC, being able to provide access to all current documents and show evidence of timely destruction of old documents is vital. Missing documents or records destroyed outside of a schedule can complicate these processes.

Compliance with data security

More generally, a document retention policy helps a business to be compliant with data security regulations at both an industry and national level. Whilst GDPR has been in effect for a while now, maintaining ongoing compliance remains paramount. Even if you already do things by the book, implementing a concrete policy helps to preserve compliance for the future, and can help build trust with prospective clients or future customers.

Failure to comply with the law regarding document retention can lead to significant penalties, including hefty fines, legal repercussions, and reputational damage for the business.

Business efficiency

Finally, there is also a notable business benefit to a DRP. A detailed records and storage management system and destruction schedule removes ambiguity around what to do with documents, cutting the time it takes to locate them, and allowing you to plan for destruction dates. The clearer your business’s processes are, the easier it is for employees to work efficiently. A document retention policy is an important piece of that puzzle.

At Shredall SDS Group, we can help you store documents during the duration of your retention period. Get in touch today to find out more. 

Below are some common document types retention periods explained in detail.

How long to keep payroll data?

Data relating to PAYE, maternity pay, or statutory mandatory pay only needs to be kept for 3 years after an employee leaves your company. Beyond this, it’s unlikely you will have a legitimate reason for holiday pay information for ex-employees.

How long to keep employee records after termination?

Employee data such as personal records, performance appraisals, employment contracts, etc. Should be stored for 6 years after the employee has left. Under the GDPR, the condition for processing would be a legal obligation or legitimate interest.

What is the retention period for tax records?

Tax returns should be kept for 3 years from the date you filed your original return or 2 years from the date you paid the tax, whichever is later.

How long should you keep business documents?

In general, company records must be retained for around six years, however, some documentation needs to be kept for 10 years, including companies’ statutory books, VAT MOSS records and minutes of board meetings.

Statutory retention periods of documents

Here are some further common recommended periods of retention dates and the minimum statutory retention period required for multiple document types.

Type of Document

Statutory Minimum Retention Period

Recommended Period of Retention

Incorporated Documents

Certificate of Incorporation and Certificate on Change of Name

N/A

Permanently

Certificate to Commerce Business (Public Company)

N/A

Permanently

Statutory Returns, Records and Registers

Annual Return (copy)

N/A

Permanently

Return of Allotments (copy)

N/A

Permanently

Directors’ Service Contracts

6 years after cessation

6 years after cessation

Unpaid dividend records

N/A

3 years from the instruction

Notification of address change by member

N/A

2 years after notification

Share Registration Documents

Register of Members

N/A

Permanently

Powers of Attorney

N/A

Permanently

Contacts for purchase of own shares by company

N/A

Period of retention 10 years from date of contract

Dividend and interest payments lists

N/A

Until audit of the dividend payment is complete

Paid dividend and interest warrants

N/A

6 years after date of payment

Bank Records

Annual report and accounts (signed)

N/A

Permanently

Annual report and accounts (unsigned)

N/A

Permanently (keep sufficient copies to meet requests)

Taxation records and tax returns

Inspection possible up to 6 years after tax/accounting period

Permanently

VAT Records and Customs & Excise Returns

Inspection may be conducted up to 6 years after tax/accounting period

Permanently

Public Company

6 years

10 years

Limited Company

3 years

10 years

Expense Accounts

N/A

7 years

Cheques, bills of exchange and other negotiable instruments

N/A

6 years

Statements from and instructions to the bank

N/A

6 years after ceasing to be effective

Budgets, forecasts and periodic internal financial reports

N/A

5 years

Contracts

Trust deeds and rules (pension schemes)

N/A

Permanently

Contracts with customers, suppliers, agents or others

N/A

6 years after expiry or contract completion

Rental and hire purchase agreements

N/A

6 years after expiry

Licensing agreements

N/A

6 years after expiry

Insurance

Product/public liability policies

N/A

Permanently

Employers’ liability policies

40 years

Permanently

Accident report book and relevant records

3 years from date of entry (Health & Safety at work Act 1974 S7)

Permanently

Health & Safety policy documents

Implied permanently by Health & Safety at work Act (1974 S2(3)

Permanently

Group health policies

N/A

12 years after final cessation of benefit

Medical Records - general

N/A

12 years

Employee Records

Employment Agreements

6 years

Permanently

Income tax records (P45/P60/P58/P48 etc.) & Annual return of taxable pay and tax paid

6 years

12 years

Payroll and wage records (including details of overtime, bonuses and expenses)

6 years

12 years

Personnel Record

N/A

7 years after employment ceases, with permanent records held in cloud backups or externally held hard drives

Training Records

N/A

6 years after employment ceases

Salary Records

N/A

5 years

Job applications and interview records

N/A

Up to 1 year

Material with Copyright Protection

Literary, dramatic and musical works

N/A

Life plus 50 years

Artistic works, recordings, films, photos and broadcasts

N/A

50 years

Property Documents

Leases

N/A

12 years after lease and liabilities under the lease have terminated

Title deeds for property

N/A

Permanently or until sold or transferred

Medical Records

X-Ray Registers

30 years

Child Protection Registers

26 years

Audiology, Dietetic and Nutrition, District Nursing, Occupational Therapy, Physiotherapy, Podiatry and Language Therapy

20 years

Dental Records

11 years

X-Rays

8 years

Incident forms

8 years

Admission/Discharge books

8 Years

Personnel records

6 years

 

Key components of a document retention policy

There are three core components of a document retention policy that are fundamental to the success of implementation across your organisation. These include:

  • Retention schedules: Clear, specific timelines for different document types based on legal, regulatory, and business needs, ensuring that there is a length of time dictated for each record.

  • Legal and regulatory compliance: This component explicitly outlines the laws and regulations that the policy adheres to (such as GDPR), allowing specific references to be made as to why a record is being kept for a certain length of time.

  • Document disposal procedures: Clear and secure methods for disposing of documents after the retention period are crucial for adhering to data protection laws and avoiding any future liabilities. 

There are additional components to a comprehensive and effective DRP, addressing the legal aspects of document retention. There are additional components such as roles and responsibilities, enforcement, and more. For expert guidance in establishing a robust document retention policy tailored to your specific needs, our specialist consultancy services are available to assist you.

Tips for organising your records retention schedule

The thought of knowing where to start with all your documents can be overwhelming. It all starts with a good, clear out and document management. Below are our top three tips to help you get started with your document retention:

  • Prepare your documents: Depending on the industry, the rules for audit procedures vary. To ensure a successful audit, identify what you will be expected to provide and be prepared to comply with these requirements.

  • Inventory: Each department should be responsible for a complete inventory of its records, identifying which records can be sent to storage and which can be securely shredded. Keep on top of your inventory to ensure it is up to date and accurate so you can retrieve records promptly.

  • Retention Schedule: A retention schedule is a policy document that defines a business’s legal and compliance recordkeeping requirements. It is intended to ensure that employees adhere to approved record-keeping requirements. This should apply to both electronic and paper documents and should be updated every 12 to 18 months.

Maintaining your document retention policy

Regularly reviewing and updating your document retention policy is crucial for its continued effectiveness. Laws change, business operations evolve, and technology advances, so your policy must adapt to remain compliant and relevant. Scheduling periodic reviews ensures that your retention periods align with current legal and regulatory requirements and that your disposal procedures are still appropriate.

Proactive management helps to avoid the risks associated with outdated practices or inconsistent application of the policy, safeguarding your business in the long run. Many businesses find value in outsourcing their document retention policy management, gaining access to knowledgeable specialists who can ensure consistent compliance and minimise potential risks. 

With over 28 years of dedicated experience in document management, Shredall SDS Group is ideally positioned to assist businesses with all aspects of their document retention policy needs. If your business needs support with advice on retention schedules, storing documents for the duration of their retention periods or shredding them when possible, get in touch with our team today.

Get a quick quote today

If you’re interested in how Shredall SDS Group could help
your organisation, we’d love to hear from you.

03333 555 100

Call us Mon-Fri 8am - 5pm and
speak to one of our friendly team.

Call us

Prefer to email

Send us your message or query
to info@shredall.co.uk

Email us