Data Retention and Records
A data retention standard specifies how long different categories of records must be kept, when and how they must be destroyed, and what circumstances suspend normal disposal. This standard establishes minimum retention periods for all organisational records regardless of format or storage location. Individual records may be retained longer where business need exists, but no record subject to this standard may be destroyed before its minimum retention period expires.
The standard applies to all records created, received, or maintained by the organisation in the course of its activities. Records held by third parties on the organisation’s behalf, including cloud service providers and outsourced processors, fall within scope through contractual obligations that must incorporate these requirements.
- Record
- Information created, received, and maintained as evidence and information by an organisation in pursuance of legal obligations or in the transaction of business, regardless of format or medium.
- Retention period
- The length of time a record must be kept before becoming eligible for disposal, measured from a defined trigger event such as creation date, transaction completion, or relationship end.
- Disposal
- The actions taken on records after retention period expiry: destruction, transfer to archives, or transfer to another organisation.
- Litigation hold
- A directive suspending normal disposal for records potentially relevant to pending or reasonably anticipated legal proceedings, investigations, or audits.
Records classification
Records classification determines retention requirements, access controls, and disposal methods. Every record must be assigned to exactly one record class. Where a record could belong to multiple classes, the class with the longest retention period applies.
The classification scheme organises records by function rather than format or department. A contract remains a contract whether stored as paper, PDF, or database record, and carries the same retention requirements regardless of which team created it.
| Class code | Record class | Description | Retention trigger |
|---|---|---|---|
| GOV | Governance and corporate | Constitutional documents, board minutes, policies, organisational structure | Document supersession or organisation dissolution |
| FIN | Financial | Transactions, accounts, budgets, audits, tax records | Financial year end |
| HR | Human resources | Employee records, recruitment, performance, disciplinary | Employment end or application decision |
| CON | Contracts and legal | Agreements, litigation, intellectual property, legal advice | Contract end or matter closure |
| PRG | Programme and project | Programme design, implementation, monitoring, evaluation, beneficiary data | Programme or project closure |
| DON | Donor and funding | Grant agreements, proposals, reports, donor communications | Grant closure |
| OPS | Operations | Facilities, assets, health and safety, environmental | Record creation or asset disposal |
| COM | Communications | External communications, media, publications, marketing | Record creation or campaign end |
| IT | Information technology | System documentation, logs, security records, configurations | System decommission or log rotation |
| ADM | Administrative | General correspondence, routine operational records | Record creation |
Retention periods by record type
The following tables specify minimum retention periods for common record types within each class. Periods are minimums; records may be retained longer where legitimate business need exists and data protection obligations permit.
Governance and corporate records
| Record type | Retention period | Trigger | Legal basis |
|---|---|---|---|
| Constitutional documents (articles, bylaws, certificates of incorporation) | Permanent | Not applicable | Corporate law |
| Board and trustee meeting minutes | Permanent | Not applicable | Corporate law, charity law |
| Board and trustee resolutions | Permanent | Not applicable | Corporate law |
| Annual reports and accounts | Permanent | Not applicable | Corporate law, charity law |
| Shareholder/member registers | Permanent | Not applicable | Corporate law |
| Organisational policies | 7 years | Supersession | Limitation periods |
| Seal register | Permanent | Not applicable | Corporate law |
| Statutory registers | Permanent | Not applicable | Corporate law |
| Strategy documents | 10 years | Supersession | Business need |
| Committee meeting minutes (non-board) | 7 years | Meeting date | Business need |
| Insurance policies | Permanent | Not applicable | Claims may arise indefinitely |
| Insurance claims | 7 years | Claim settlement | Limitation Act |
Financial records
| Record type | Retention period | Trigger | Legal basis |
|---|---|---|---|
| Annual accounts and audit reports | Permanent | Not applicable | Corporate law |
| General ledger | 7 years | Financial year end | Tax, Companies Act |
| Purchase ledger | 7 years | Financial year end | Tax, VAT |
| Sales ledger | 7 years | Financial year end | Tax, VAT |
| Bank statements and reconciliations | 7 years | Financial year end | Tax |
| Invoices (purchase and sales) | 7 years | Financial year end | VAT |
| VAT records | 7 years | Financial year end | VAT Act |
| Payroll records | 7 years | Financial year end | Tax, pension |
| Expense claims and receipts | 7 years | Financial year end | Tax |
| Budget working papers | 3 years | Financial year end | Business need |
| Petty cash records | 7 years | Financial year end | Tax |
| Credit card statements | 7 years | Financial year end | Tax |
| Gift Aid declarations | 7 years | Last donation under declaration | HMRC |
| Investment records | 7 years | Investment disposal | Tax |
| Pension scheme records | 12 years | Scheme wind-up or member benefit crystallisation | Pension regulations |
Human resources records
| Record type | Retention period | Trigger | Legal basis |
|---|---|---|---|
| Personnel files (general) | 7 years | Employment end | Limitation periods |
| Contracts of employment | 7 years | Employment end | Limitation periods |
| Payroll and tax records | 7 years | Employment end | Tax |
| Pension records | 75 years from birth or 7 years from benefit payment | Member death or benefit end | Pension regulations |
| Disciplinary records (warnings) | Duration of warning plus 1 year | Warning expiry | Employment law |
| Disciplinary records (dismissal) | 7 years | Employment end | Limitation periods |
| Grievance records | 7 years | Employment end | Limitation periods |
| Redundancy records | 7 years | Employment end | Limitation periods |
| Training records | 7 years | Employment end | Various regulations |
| Health and safety training | 7 years or duration of employment, whichever longer | Employment end | Health and safety |
| Recruitment records (successful) | Merge to personnel file | Appointment | Data protection |
| Recruitment records (unsuccessful) | 1 year | Application decision | Data protection, limitation |
| DBS checks | Do not retain certificate; record check date and result | 3 years | DBS code of practice |
| Right to work checks | 2 years | Employment end | Immigration |
| Statutory sick pay records | 3 years | Tax year end | SSP regulations |
| Statutory maternity/paternity pay | 3 years | Tax year end | SMP regulations |
| Working time records | 2 years | Record creation | Working Time Regulations |
| Annual leave records | 2 years | Leave year end | Working Time Regulations |
Contracts and legal records
| Record type | Retention period | Trigger | Legal basis |
|---|---|---|---|
| Contracts under seal (deeds) | 13 years | Contract end | Limitation Act (12 years plus 1) |
| Standard contracts | 7 years | Contract end | Limitation Act (6 years plus 1) |
| Intellectual property registrations | Permanent | Not applicable | IP law |
| Licensing agreements | 7 years | Agreement end | Limitation periods |
| Lease agreements | 13 years | Lease end | Limitation Act |
| Legal opinions and advice | 7 years | Matter closure | Limitation periods |
| Litigation files | 7 years | Matter closure | Limitation periods |
| Settlement agreements | 13 years | Agreement date | Limitation Act |
| Data processing agreements | 7 years | Agreement end | Data protection |
| Non-disclosure agreements | 7 years or confidentiality period plus 1 year | Agreement end | Limitation periods |
| Terms and conditions | 7 years | Supersession | Limitation periods |
Programme and project records
| Record type | Retention period | Trigger | Legal basis |
|---|---|---|---|
| Programme design documents | 10 years | Programme closure | Donor requirements, evaluation |
| Project proposals | 10 years | Project closure | Donor requirements |
| Logical frameworks and theories of change | 10 years | Programme closure | Evaluation needs |
| Monitoring data (aggregate) | 10 years | Programme closure | Donor requirements |
| Beneficiary registration data | 7 years | Programme closure | Data protection, donor requirements |
| Individual beneficiary records | 7 years | Programme closure or last service | Data protection |
| Safeguarding case files | 25 years | Case closure or victim reaching 25, whichever later | Safeguarding, limitation |
| Distribution records | 7 years | Distribution date | Donor requirements, audit |
| Needs assessments | 7 years | Programme closure | Evaluation |
| Evaluation reports | Permanent | Not applicable | Organisational learning |
| Complaints and feedback records | 7 years | Complaint resolution | Accountability |
| Partner agreements | 7 years | Agreement end | Limitation periods |
| Consent records | Duration of processing plus 7 years | Processing end | Data protection |
Donor and funding records
| Record type | Retention period | Trigger | Legal basis |
|---|---|---|---|
| Grant agreements | 10 years | Grant closure | Donor requirements |
| Funding proposals | 7 years | Proposal outcome | Business need |
| Grant reports (narrative and financial) | 10 years | Grant closure | Donor requirements |
| Donor correspondence | 7 years | Grant closure | Donor requirements |
| Due diligence documentation | 7 years | Grant closure | Donor requirements |
| Audit reports (grant-specific) | 10 years | Grant closure | Donor requirements |
| Sub-grant agreements | 10 years | Grant closure | Donor requirements |
| Budget modifications | 10 years | Grant closure | Donor requirements |
| Cost share documentation | 10 years | Grant closure | Donor requirements |
Operations records
| Record type | Retention period | Trigger | Legal basis |
|---|---|---|---|
| Health and safety risk assessments | 3 years | Assessment supersession | Health and safety |
| Accident reports | 4 years (adult) or until age 25 (minor) | Incident date | Limitation Act |
| RIDDOR reports | 4 years | Incident date | RIDDOR |
| Fire safety records | 3 years | Record creation | Fire safety |
| Maintenance records | 7 years | Asset disposal | Health and safety |
| Asset registers | 7 years | Asset disposal | Financial |
| Vehicle records | 7 years | Vehicle disposal | Tax, insurance |
| Environmental permits | Permit duration plus 4 years | Permit end | Environmental regulations |
| Security incident reports | 7 years | Incident date | Business need |
| Visitor records | 1 year | Visit date | Business need |
Information technology records
| Record type | Retention period | Trigger | Legal basis |
|---|---|---|---|
| System documentation | 3 years | System decommission | Business need |
| Security policies and procedures | 7 years | Supersession | Audit, compliance |
| Access logs (authentication) | 2 years | Log date | Security, compliance |
| Security event logs | 2 years | Log date | Security |
| Administrative action logs | 3 years | Log date | Audit |
| Backup logs | 1 year | Log date | Operations |
| Change records | 3 years | Change date | ITIL, audit |
| Incident tickets | 3 years | Ticket closure | Operations |
| Software licences | Licence duration plus 3 years | Licence end | Compliance |
| Penetration test reports | 3 years | Test date | Security |
| Vulnerability scan reports | 1 year | Scan date | Security |
| Disaster recovery test results | 7 years | Test date | Audit, compliance |
| Data processing records (Article 30) | Duration of processing | Processing end | GDPR |
Administrative records
| Record type | Retention period | Trigger | Legal basis |
|---|---|---|---|
| General correspondence | 3 years | Record creation | Business need |
| Transitory records (meeting arrangements, routine enquiries) | 1 year | Record creation | Business need |
| Press releases | 7 years | Release date | Business need |
| Publications | Permanent (one copy) | Not applicable | Organisational record |
| Media coverage | 3 years | Coverage date | Business need |
| Internal newsletters | 5 years | Publication date | Business need |
Regulatory retention requirements
Retention periods derive from multiple legal and regulatory sources. Where requirements conflict, the longest applicable period applies. The following table summarises key regulatory drivers by jurisdiction.
| Regulation | Jurisdiction | Key requirements | Affected record types |
|---|---|---|---|
| Companies Act 2006 | UK | Accounting records 3 years (private) or 6 years (public); company registers permanent | FIN, GOV |
| Charities Act 2011 | England and Wales | Accounting records 6 years; charity register permanent | FIN, GOV |
| HMRC requirements | UK | Tax records 6 years after relevant tax year | FIN, HR |
| VAT Act 1994 | UK | VAT records 6 years | FIN |
| GDPR / UK GDPR | UK, EU | No longer than necessary for purpose; specific periods for some categories | All personal data |
| Limitation Act 1980 | England and Wales | Contract claims 6 years; deed claims 12 years; personal injury 3 years | CON, HR |
| Pension regulations | UK | Indefinite for some scheme records | HR, FIN |
| Employment legislation | UK | Various periods; 7 years covers most requirements | HR |
| Health and Safety at Work Act | UK | 40 years for some exposure records | OPS, HR |
| USAID regulations | US (grants) | 3 years after final expenditure report; longer if audit unresolved | DON, PRG, FIN |
| FCDO requirements | UK (grants) | Typically 7 years after grant end; varies by agreement | DON, PRG, FIN |
| EU funding regulations | EU | 5 years after programme closure; 3 years after final payment for smaller grants | DON, PRG, FIN |
Some regulations require retention far beyond standard periods. Records of exposure to hazardous substances must be retained for 40 years. Pension records affecting member benefits must be retained for 75 years from the member’s birth. Safeguarding records involving children must be retained until the subject reaches at least 25 years of age, and longer where proceedings might arise.
Disposal requirements
Disposal methods must ensure records are irretrievable and that the disposal itself is documented. The method required depends on the sensitivity of the record content and the storage medium.
Disposal methods by sensitivity
| Data sensitivity | Paper records | Electronic records | Media destruction |
|---|---|---|---|
| High (personal data special categories, safeguarding, protection) | Cross-cut shredding to DIN 66399 P-4 or higher | Cryptographic erasure or physical destruction | Degaussing plus physical destruction |
| Medium (personal data, confidential business) | Cross-cut shredding to DIN 66399 P-3 or higher | Secure deletion with overwrite verification | Degaussing or secure erasure |
| Low (internal, non-sensitive) | Standard shredding or recycling | Standard deletion from production systems | Secure erasure before disposal |
| Public | Standard disposal | Standard deletion | Standard erasure |
Cryptographic erasure destroys the encryption keys protecting encrypted data, rendering the data unrecoverable without requiring physical destruction of storage media. This method is acceptable only where records were encrypted throughout their lifecycle using keys managed separately from the storage media.
Disposal documentation
Every disposal action must be documented in a disposal log containing:
| Field | Requirement |
|---|---|
| Disposal date | Date destruction or transfer completed |
| Record description | Sufficient detail to identify what was disposed |
| Record class | Classification code from retention schedule |
| Date range | Earliest and latest record dates in the disposal batch |
| Disposal method | How destruction was accomplished |
| Disposal authority | Reference to retention schedule, disposal authorisation, or legal requirement |
| Destruction certificate | For outsourced destruction, certificate from service provider |
| Authorised by | Name of person authorising disposal |
| Witnessed by | Name of person witnessing destruction (for high-sensitivity records) |
Disposal logs must be retained permanently as evidence of compliant records management.
Disposal prohibitions
Records must not be disposed of, regardless of retention period expiry, when:
- A litigation hold applies to the record class or specific records
- The records are subject to a current or pending audit
- The records are subject to a regulatory investigation
- A data subject access request is in progress and the records may be relevant
- The records are subject to a preservation order or court directive
Disposing of records subject to these prohibitions constitutes destruction of evidence and may result in adverse legal consequences, regulatory sanctions, and spoliation inferences in legal proceedings.
Litigation hold
A litigation hold suspends normal disposal for records potentially relevant to legal matters. The hold applies when litigation is pending, threatened, or reasonably anticipated, or when regulatory investigation or audit is underway or announced.
Hold triggers
| Trigger | Hold required from |
|---|---|
| Litigation filed | Date of service |
| Litigation threatened | Date of threat (letter before action, verbal threat) |
| Litigation reasonably anticipated | Date organisation became aware of circumstances likely to result in litigation |
| Regulatory investigation | Date of notification or date organisation became aware |
| Internal investigation | Date investigation commenced |
| Audit announced | Date of audit notification |
| Subpoena or discovery request | Date of receipt |
| Data subject complaint to regulator | Date of notification |
Hold scope
A litigation hold notice must specify:
| Element | Description |
|---|---|
| Matter reference | Unique identifier for the legal matter |
| Hold description | Nature of the matter and types of records potentially relevant |
| Custodians | Individuals whose records are subject to hold |
| Record types | Categories of records to preserve |
| Date range | Time period for records subject to hold |
| Systems | Specific systems where relevant records may exist |
| Hold start date | When preservation obligation begins |
| Issuing authority | Legal counsel or compliance officer issuing hold |
Hold notices must be issued within 48 hours of the triggering event. Recipients must acknowledge receipt within 72 hours.
Hold implementation
On receiving a litigation hold, the following actions are required:
| Action | Timeframe | Responsible party |
|---|---|---|
| Suspend automated deletion | Same day | IT |
| Notify backup rotation to preserve relevant media | Same day | IT |
| Collect and preserve custodian data | 7 days | IT, Legal |
| Interview custodians about record locations | 14 days | Legal |
| Preserve relevant third-party held data | 14 days | Legal, IT |
| Document preservation actions | Ongoing | Legal |
| Periodic reminder to custodians | Every 90 days | Legal |
Litigation holds remain in effect until released in writing by legal counsel. Releasing a hold before matter conclusion requires documented confirmation that no further preservation obligation exists.
Retention schedule governance
The retention schedule requires ongoing management to remain accurate and compliant with changing legal requirements.
Schedule maintenance
| Activity | Frequency | Responsible party |
|---|---|---|
| Legal and regulatory review | Annual | Legal, Compliance |
| Schedule accuracy review | Annual | Records management, function heads |
| New record type assessment | As needed | Records management, creating function |
| Disposal authorisation | Monthly or quarterly | Records management |
| Disposal verification | Following each disposal | Records management |
| Training and awareness | Annual | Records management |
Roles and responsibilities
| Role | Responsibilities |
|---|---|
| Records manager | Schedule maintenance, disposal coordination, compliance monitoring, training |
| Function heads | Ensuring staff compliance, identifying new record types, authorising disposal within function |
| Legal counsel | Legal retention requirements, litigation hold issuance, regulatory interpretation |
| IT | Technical implementation of retention, automated disposal, system documentation |
| Data Protection Officer | Personal data retention compliance, DPIA integration, data subject rights |
| All staff | Following retention requirements, identifying records for disposal, responding to holds |
Review triggers
Beyond scheduled reviews, the retention schedule must be reviewed when:
- New legislation or regulation takes effect
- Regulatory guidance changes
- New programmes or activities generate new record types
- Organisational structure changes affect record ownership
- Litigation or regulatory action reveals schedule deficiencies
- Merger, acquisition, or partnership introduces new obligations
Exceptions
Retention periods in this standard are minimums. Retaining records longer requires no exception approval, provided data protection obligations are met (personal data must not be retained longer than necessary for the purpose).
Disposing of records before minimum retention period expiry requires exception approval from the records manager and legal counsel. Exception requests must document:
| Element | Required information |
|---|---|
| Records to be disposed | Specific description, volume, date range |
| Standard retention period | What the schedule requires |
| Reason for early disposal | Why retention to standard period is not possible or appropriate |
| Risk assessment | Consequences if records later needed |
| Data protection assessment | Whether early disposal supports data minimisation or conflicts with processing purposes |
| Alternative measures | What mitigation is possible if records are needed |
| Approval | Records manager and legal counsel sign-off |
Exceptions are not available for records subject to litigation hold, regulatory investigation, or specific legal retention requirements.