Effective record retention allows companies to review performance, retrieve vital information, and operate legally under UK and international law.
The legal criteria that govern record retention are extensive and detailed, on top of the 'recommended' and internal retention and disposal targets that are part and parcel of any decent Record Retention Schedule (RRS). Breaking any of these laws can carry severe penalties under the and Data Protection Act 2018 (incorporating the infamous GDPR).
It's important to be as informed as you can if you supervise record retention, disposal, or retrieval. Here are three tips that only the experts in statutory requirements really know about.
1) Any Outdated HMRC Records Must Always Be Destroyed After Six Years (Plus Current)
It is a requirement in UK law that any records relevant to HMRC can ONLY be held for up to 6 years, 11 months. After that point, every outdated record must be destroyed unless a suitable reason can be given such as personal safety, auditing, or monitoring wider financial performance.
This means that all tax paperwork (including tax returns and payroll slips) you handle must be covered by a dedicated Record Retention Scheme. The six-year period of retention legally starts from the start of the next tax year relative to when the record was created (e.g. April 6th 2021 for documents archived in May 2020).
2) Personal Data Must Always Be Held With Full User Consent
Following the introduction of the General Data Protection Regulations (GDPR) in 2018, consumers were given far greater legal control over how their personal data is recorded, used, and retained by organizations.
If a user requests it or withdraws their custom, any records taken of their personally identifiable information must be destroyed as soon as is possible. This legislation covers sensitive information such as consumer preferences, home addresses, contact details, and medical records. This requirement is known as Article 17 (The Right to Erasure).
The GDPR also contains automatic provisions to ensure that a high level of data protection and a fixed disposal schedule governs all consumer and private records. Personal data that is no longer needed must be disposed of as soon as possible. Anonymized metadata (such as that held in graphs and tables) and records that can be said to be 'in the public interest' may be retained indefinitely.
Fines may be levied if your organization breaches the GDPR retention criteria even if the breach is unintentional.
3) Different Types Of Document Are Subject To Vastly Different Retention Periods
Did you know that the length of time you need to (legally) retain records for can vary greatly depending on their contents?
While most audit reference material can be safely disposed of after two years, more sensitive and valuable information (such as that held in surgical and dental records) needs to be kept safe and accessible for decades.
When creating a record retention schedule for your organization, always check carefully which legal criteria are attached to your archived documents. We can advise you on the length of time that you're legally required to retain different types of document for.
Professional, Third-Party Record Archiving With CAS Ltd
Do you need document retention experts to take care of your office archive? Located just outside London, our storage and processing facilities cater to a range of clients from across the United Kingdom. Call or email us today with your queries and we'll work to develop the paperwork plan that's right for you.
COVID-19 update: our scan-on-demand service is available to provide customers with rapid access to archived documents while working remotely.
Image source: Unsplash
