A document retention policy is crucial when managing and protecting important records to avoid any criminal, civil and financial penalties that are mostly caused by bad data management practices.
Although GDPR does not dictate how long you should keep personal data, organisations are encouraged to set their deadlines based on the personal information they hold. The only requirement under the GDPR is that the organisation must document and justify why it has set the time frame it has.
In this guide, we look into the intricacies and legalities of document retention policies, including a table on the specific statutory retention periods for documents, so you can ensure your business is compliant. Use the jump links below to explore this guide:
- What is a document retention policy?
- What is a retention period?
- The importance and benefits of a document retention policy
- Legal requirements: retention periods for different document types
- Statutory retention periods of documents
- Tips for organising your records retention schedule
Shredall SDS Group's secure storage services allow businesses to store their documents off-site until the end of the statutory retention periods, while still having easy access to their documents. Each document can be indexed, giving a complete inventory, which can then be securely shredded at the end of its retention date.
What is a document retention policy?
A document retention policy is a set of internal guidelines created by a business to regulate how sensitive documents should be handled from the moment they’re created, including storage, access, and disposal, through to a specified disposal date.
These policies are crucial for legal compliance, risk management, and operational efficiency. A well-defined policy ensures that important information is available when needed, while preventing the risks and costs associated with retaining unnecessary or outdated documents.
What is a retention period?
A retention period is the required amount of time you should keep your document before securely disposing of it. The minimum retention period depends on the type of document and what the document contains.
While retention policies establish the obligation for legal compliance, it's the specific retention periods within those policies that directly dictate the duration for meeting this business necessity. Avoiding compliance problems hinges on a clear grasp of retention periods. The retention policy facilitates this understanding, making it accessible for all staff in your business.
UK GDPR legislation is one of the key regulations that sets out the specific retention periods for different types of documents. It specifically mandates that data should only be kept for as long as we need it for the reasons we collected it, and therefore, policies are needed to support this.
The importance and benefits of a document retention policy
If your employees are regularly handling sensitive documents and information, it’s important to have a document retention policy in place.
Auditability
The main reason many companies create a document retention policy (DRP) is for clarity in legal and regulatory investigations. Should your company ever be audited or investigated by a body like HMRC, being able to provide access to all current documents and show evidence of timely destruction of old documents is vital. Missing documents or records destroyed outside of a schedule can complicate these processes.
Compliance with data security
More generally, a document retention policy helps a business to be compliant with data security regulations at both an industry and national level. Whilst GDPR has been in effect for a while now, maintaining ongoing compliance remains paramount. Even if you already do things by the book, implementing a concrete policy helps to preserve compliance for the future, and can help build trust with prospective clients or future customers.
Failure to comply with the law regarding document retention can lead to significant penalties, including hefty fines, legal repercussions, and reputational damage for the business.
Business efficiency
Finally, there is also a notable business benefit to a DRP. A detailed records and storage management system and destruction schedule removes ambiguity around what to do with documents, cutting the time it takes to locate them, and allowing you to plan for destruction dates. The clearer your business’s processes are, the easier it is for employees to work efficiently. A document retention policy is an important piece of that puzzle.
At Shredall SDS Group, we can help you store documents for the duration of your retention period. Get in touch today to find out more.
Legal requirements: retention periods for different document types
Below, the retention periods for some common document types are explained in detail.
How long to keep payroll data?
Data relating to PAYE, maternity pay, or statutory mandatory pay only needs to be kept for 3 years after an employee leaves your company. Beyond this, it’s unlikely you will have a legitimate reason for holiday pay information for ex-employees.
How long to keep employee records after termination?
Employee data such as personal records, performance appraisals, employment contracts, etc. should be stored for 6 years after the employee has left. Under the GDPR, the condition for processing would be a legal obligation or legitimate interest.
What is the retention period for tax records?
Tax returns should be kept for 3 years from the date you filed your original return or 2 years from the date you paid the tax, whichever is later.
How long should you keep business documents?
In general, company records must be retained for around six years; however, some documentation needs to be kept for 10 years, including companies’ statutory books, VAT MOSS records and minutes of board meetings.
Statutory retention periods of documents
Here are some further common recommended retention periods, alongside the minimum statutory retention period required, for multiple document types.
| Type of Document | Statutory Minimum Retention Period | Recommended Period of Retention |
| --- | --- | --- |
| Incorporated Documents | | |
| Certificate of Incorporation and Certificate on Change of Name | N/A | Permanently |
| Certificate to Commence Business (Public Company) | N/A | Permanently |
| Statutory Returns, Records and Registers | | |
| Annual Return (copy) | N/A | Permanently |
| Return of Allotments (copy) | N/A | Permanently |
| Directors’ Service Contracts | 6 years after cessation | 6 years after cessation |
| Unpaid dividend records | N/A | 3 years from the instruction |
| Notification of address change by member | N/A | 2 years after notification |
| Share Registration Documents | | |
| Register of Members | N/A | Permanently |
| Powers of Attorney | N/A | Permanently |
| Contracts for purchase of own shares by company | N/A | Period of retention 10 years from date of contract |
| Dividend and interest payments lists | N/A | Until audit of the dividend payment is complete |
| Paid dividend and interest warrants | N/A | 6 years after date of payment |
| Bank Records | | |
| Annual report and accounts (signed) | N/A | Permanently |
| Annual report and accounts (unsigned) | N/A | Permanently (keep sufficient copies to meet requests) |
| Taxation records and tax returns | Inspection possible up to 6 years after tax/accounting period | Permanently |
| VAT Records and Customs & Excise Returns | Inspection may be conducted up to 6 years after tax/accounting period | Permanently |
| Public Company | 6 years | 10 years |
| Limited Company | 3 years | 10 years |
| Expense Accounts | N/A | 7 years |
| Cheques, bills of exchange and other negotiable instruments | N/A | 6 years |
| Statements from and instructions to the bank | N/A | 6 years after ceasing to be effective |
| Budgets, forecasts and periodic internal financial reports | N/A | 5 years |
| Contracts | | |
| Trust deeds and rules (pension schemes) | N/A | Permanently |
| Contracts with customers, suppliers, agents or others | N/A | 6 years after expiry or contract completion |
| Rental and hire purchase agreements | N/A | 6 years after expiry |
| Licensing agreements | N/A | 6 years after expiry |
| Insurance | | |
| Product/public liability policies | N/A | Permanently |
| Employers’ liability policies | 40 years | Permanently |
| Accident report book and relevant records | 3 years from date of entry (Health & Safety at Work Act 1974 S7) | Permanently |
| Health & Safety policy documents | Implied permanently by Health & Safety at Work Act (1974 S2(3)) | Permanently |
| Group health policies | N/A | 12 years after final cessation of benefit |
| Medical Records - general | N/A | 12 years |
| Employee Records | | |
| Employment Agreements | 6 years | Permanently |
| Income tax records (P45/P60/P58/P48 etc.) & Annual return of taxable pay and tax paid | 6 years | 12 years |
| Payroll and wage records (including details of overtime, bonuses and expenses) | 6 years | 12 years |
| Personnel Record | N/A | 7 years after employment ceases, with permanent records held in cloud backups or externally held hard drives |
| Training Records | N/A | 6 years after employment ceases |
| Salary Records | N/A | 5 years |
| Job applications and interview records | N/A | Up to 1 year |
| Material with Copyright Protection | | |
| Literary, dramatic and musical works | N/A | Life plus 50 years |
| Artistic works, recordings, films, photos and broadcasts | N/A | 50 years |
| Property Documents | | |
| Leases | N/A | 12 years after lease and liabilities under the lease have terminated |
| Title deeds for property | N/A | Permanently or until sold or transferred |
| Medical Records | | |
| X-Ray Registers | 30 years | |
| Child Protection Registers | 26 years | |
| Audiology, Dietetic and Nutrition, District Nursing, Occupational Therapy, Physiotherapy, Podiatry and Language Therapy | 20 years | |
| Dental Records | 11 years | |
| X-Rays | 8 years | |
| Incident forms | 8 years | |
| Admission/Discharge books | 8 years | |
| Personnel records | 6 years | |
Key components of a document retention policy
There are three core components of a document retention policy that are fundamental to the success of implementation across your organisation. These include:
- Retention schedules: Clear, specific timelines for different document types based on legal, regulatory, and business needs, ensuring that there is a length of time dictated for each record.
- Legal and regulatory compliance: This component explicitly outlines the laws and regulations that the policy adheres to (such as GDPR), allowing specific references to be made as to why a record is being kept for a certain length of time.
- Document disposal procedures: Clear and secure methods for disposing of documents after the retention period are crucial for adhering to data protection laws and avoiding any future liabilities.
There are additional components to a comprehensive and effective DRP, addressing the legal aspects of document retention, such as roles and responsibilities, enforcement, and more. For expert guidance in establishing a robust document retention policy tailored to your specific needs, our specialist consultancy services are available to assist you.
Tips for organising your records retention schedule
The thought of knowing where to start with all your documents can be overwhelming. It all starts with a good clear-out and document management. Below are our top three tips to help you get started with your document retention:
- Prepare your documents: Depending on the industry, the rules for audit procedures vary. To ensure a successful audit, identify what you will be expected to provide and be prepared to comply with these requirements.
- Inventory: Each department should be responsible for a complete inventory of its records, identifying which records can be sent to storage and which can be securely shredded. Keep on top of your inventory to ensure it is up to date and accurate so you can retrieve records promptly.
- Retention Schedule: A retention schedule is a policy document that defines a business’s legal and compliance recordkeeping requirements. It is intended to ensure that employees adhere to approved record-keeping requirements. This should apply to both electronic and paper documents and should be updated every 12 to 18 months.
Maintaining your document retention policy
Regularly reviewing and updating your document retention policy is crucial for its continued effectiveness. Laws change, business operations evolve, and technology advances, so your policy must adapt to remain compliant and relevant. Scheduling periodic reviews ensures that your retention periods align with current legal and regulatory requirements and that your disposal procedures are still appropriate.
Proactive management helps to avoid the risks associated with outdated practices or inconsistent application of the policy, safeguarding your business in the long run. Many businesses find value in outsourcing their document retention policy management, gaining access to knowledgeable specialists who can ensure consistent compliance and minimise potential risks.
With over 28 years of dedicated experience in document management, Shredall SDS Group is ideally positioned to assist businesses with all aspects of their document retention policy needs. If your business needs support with advice on retention schedules, storing documents for the duration of their retention periods or shredding them when possible, get in touch with our team today.