How long should you keep important papers? This is a question asked frequently. There are legal requirements for this which we will explain here. These are also requirements that have been imposed by various government agencies. Check the table below for more details.
In addition to a retention obligation, an organisation also has a duty to destroy. This is known to fewer people, but at least as important. If you do not comply, you are punishable. Usually with a fine, but sometimes also as a driver. So pay attention!
We are regularly asked how to find out whether the archives in storage can be destroyed. This is also difficult, because it is not described in a special retention law. Dutch legislation deals with the retention and destruction obligations of documents in various sections.
The tax authorities indicate on their website that every entrepreneur is legally obliged to keep his records for 7 years (tax retention obligation). However, the tax authorities strive to minimize the administrative burden and sometimes use shorter retention periods. How long you need to keep your records depends on the interest they have in the different types of data in your records. Certain parts of your administration are classified as basic data. These include:
The basic data must be kept for 7 years.
In connection with the adjustment period of the input tax deduction for immovable property, such as commercial premises, you must keep the data of immovable property for 10 years. You must also keep your records for 10 years if you provide electronic services, radio and television broadcasting services, and telecommunications services. For the other data, you can make agreements with the Tax and Customs Administration about shorter retention periods than 7 years. For the basic data and the other data, you can make agreements with them about:
These agreements are recorded in writing. Please note! Agreements with us about shorter retention periods only apply to the Tax and Customs Administration. With other government institutions, you may still have to deal with the statutory retention period of 7 years.
The retention obligation also applies to computer programs and files. So, you also need to make sure that these programs and files can be used in an audit. Keeping a file only in printed form does not satisfy your retention obligation. However, under certain conditions, you can store files and other data in a different form. This is called conversion. The conditions are
Do you have (part of) your administration taken care of by a computer or payroll service agency? In that case, the data carriers of those service bureaus that contain data about your company are also subject to the tax retention obligation.
The retention periods below are derived from official laws and regulations. Even though hardly any changes are to be expected, we always advise you to check the current requirements in this area yourself.
Document
Soort
Bewaartermijn (jaar)
Dividendnota’s
Algemeen
5
Jaarrekening, accountantsverklaring e.d.
Winst- en verliesrekening
Algemeen
7
Administratie na ontbinding rechtspersoon
Algemeen
7
Gegevens bedrijfsmatig onroerend goed
Algemeen
10
Ledenadministratie van coöperatie met aansprakelijkheid leden
Algemeen
10
Subsidie administratie
Algemeen
10
Identificatiebewijs (op grond van Wet Identificatieplicht)
Fiscaal
5
Grootboek en administratie (zoals debiteuren, crediteuren en loon)
Fiscaal
5
Facturen i.v.m. de omzetbelasting
Fiscaal
7
Bewaarplicht Vervoersdocumenten
Fiscaal
7
Persoonlijk controleboekje
Vervoer
1
Register van werkboekjes
Vervoer
1
Registratiebladen
Vervoer
1
Correspondentie benoemingen, promotie, demotie en ontslag
Personeel
2
Loonbelastingverklaringen en kopieën identiteitsbewijzen
Personeel
5
Gegevens betreffende etniciteit en herkomst
Personeel
5
Identiteitspapieren van derden met tewerkstellingsvergunning
Personeel
5
Afspraken salaris en arbeidsvoorwaarden
Personeel
7
Burgerlijke staat werknemer
Personeel
7
Loonbeslagen
Personeel
Tot opheffing
Sollicitatiebrieven (en correspondentie), getuigschrift e.d.
Personeel
Maximaal 4 weken (met toestemming sollicitant 1 jaar)
Arbeidsovereenkomst en wijzigingen
Personeel
Maximaal 2 jaar na uitdiensttreding
Wijzigingen arbeidsovereenkomst
Personeel
Maximaal 2 jaar na uitdiensttreding
Verslagen van functioneringsgesprekken
Personeel
Maximaal 2 jaar na uitdiensttreding
Verslaglegging Wet Verbetering Poortwachter
Personeel
Maximaal 2 jaar na uitdiensttreding
VUT-regeling
Personeel
Maximaal 2 jaar na uitdiensttreding
Afspraken inzake werk OR
Personeel
Maximaal 2 jaar na uitdiensttreding
Algemeen
Medisch/arbo
Minimaal 10 jaar (werknemer kan om vernietiging vragen)
Patiëntendossier
Minimaal 20 jaar
Once the retention period has expired, the destruction can take place. It is important that it is destroyed so that it is no longer reproducible or repairable. You can do this yourself, or have it done by a specialized destroyer. Always ask for a CA+ certificate. This is the guarantee for you that it has actually been destroyed and is gone. This also avoids any liability in case it should turn up.
Source: https://autoriteitpersoonsgegevens.nl/nl/over-privacy/persoonsgegevens/bewaren-van-persoonsgegevens
Since an organization consists of people who work together with other people, there will always be an archive in which personal data is stored. That's why it's important to know how to deal with this.
In order to keep proper records, an organization must retain certain personal data for a certain period of time. But organizations are not allowed to keep this data longer than necessary. So there is also an obligation to destroy.
According to the Dutch Data Protection Authority, there is no specific retention period for personal data under the General Data Protection Regulation (GDPR). Organisations decide for themselves how long they keep personal data. In doing so, they look at how long the data is needed for the purpose for which it was collected or is used. As an organisation, you must therefore determine a retention period, which is appropriate in the situation in question.
However, there are legal retention periods in other laws that organizations must adhere to. Read more about this here.
If the retention period of personal data has expired or the data is no longer necessary, organizations must destroy the data. Organisations may only store this personal data in an archive if the personal data is intended for historical, statistical or scientific purposes.
In principle, there is no retention period for personal data in an archive, unless there are legal requirements for this from, among other things, the Public Records Act. So check these retention periods yourself. And if there are no legal requirements, determine the retention period for your organization yourself. Lay down the retention periods and the substantiation in order to be able to justify yourself in the event of complaints. For example, do this in your privacy policy.
The Dutch Data Protection Authority indicates that you will ask yourself the following questions:
Anyone can file a complaint about your organisation and the retention of their personal data with the Dutch Data Protection Authority (DPA), for example if people feel that you are storing their personal data for an unnecessarily long time. The DPA assesses, among other things, whether your substantiation is reasonable. And whether you indeed keep the retention period as short as possible in view of the purpose of the processing.
Tip Periodically check the personal data that you process in your administration. Delete or anonymize those personal data whose retention period has expired. Or sooner if you don't need them anymore.
Do you want to make your paper files digital as an organization? In that case, you may only destroy the original paper files if you, as an organisation, ensure proper security of the digital file. And, of course, also ensures that these digital files are also managed in compliance with the retention and destruction periods.
© 2019 Archiefkluis