10 moments when you must destroy business documents
Destruction is not a one-off job you do once and forget, but something that returns at fixed moments in a company's life. Every time the archive moves, waste paper appears that no one needs any more and that becomes a risk the moment it sits around. These are the ten moments when a destruction round belongs, with, for each moment, what to watch for and which guide to click through to.
The quick answer. Destruction belongs at two kinds of moment. Recurring, as soon as a retention period ends, and at events that shake up the archive, from a move to a bankruptcy. Whoever has these ten moments in the diary prevents boxes sitting around for years and keeps the archive in line with the GDPR.
Moment 1. The office move
A move is the natural moment not to lug everything along. Every box you shift costs money and space, and old files you never open again do not deserve a place in the new premises. Before the move, go through each cabinet for what is past its retention period and have that destroyed confidentially rather than moving it. That way you start clean and with a smaller, clearer archive. What you do and do not take at a move is set out in an office move and what to destroy.
Moment 2. The annual clean-up after the retention period ends
The fixed recurring moment. Every year a batch of files passes its retention period. Invoices from seven years ago, expired contracts, old personnel documents. Without a fixed clean-up moment all of that stays put and your archive grows into a pile that a data breach would put fully on the street. Plan a recurring round, for example once a year, and destroy what is past the period. Whether that should be recurring or one-off is in recurring versus one-off destruction.
Moment 3. A business takeover and due diligence
At a takeover your archive is suddenly viewed by others. In the due diligence exercise advisers dig through contracts, personnel files and administration, and after the deal it must be clear what the buyer receives and what stays behind. Duplicate documents, expired files and data the buyer does not need you have destroyed confidentially rather than handing them over. That way you deliver a clean archive and limit what passes from hand to hand. How to prepare the archive is set out in a business takeover, archive and due diligence.
Moment 4. A merger with duplicate archives
Two companies that join bring two archives, and those almost always overlap. The same client is registered twice, the same procedures exist in two versions and both organisations kept their own administration. When merging you choose, per category, which version leads and have the duplicate documents destroyed confidentially. If you do not, you drag two half archives along for years in which no one finds their way any more. Merging and clearing out is covered in a merger, combining and destroying archives.
Moment 5. Bankruptcy or restart
If a company goes bankrupt, the trustee takes over the administration and its own rules apply to what is kept. At a restart there is the added question of which data the new business may take over and which really must go. Not everything may simply carry over, and personal data needs a valid ground before it moves along. So agree with the trustee what you keep and have the rest destroyed demonstrably. The division of roles is in bankruptcy, archive, trustee or destruction.
Moment 6. Converting your legal form
If you convert a sole trader into a private limited company or otherwise change legal form, more changes than the name on the letterhead. Old letterheads, outdated contract templates, superseded powers of attorney and administration in the name of the old form are no longer valid. Keep what the tax retention obligation requires, but have the outdated material that only causes confusion destroyed confidentially. That way you avoid documents circulating that no longer hold up legally and old data lying around needlessly.
Moment 7. Closing the business
If you stop altogether, the biggest clean-up follows. Part of the administration you must keep for years after closure because of the tax retention obligation, but many other documents no longer serve a purpose and should not end up in a former employee's garage at home. Decide what you still have to keep and where, and have the rest destroyed confidentially in one round with proof. That way you close off neatly with no loose ends. What stays and what may go is in closing a business and destroying the archive.
Moment 8. Departure and offboarding
Every time an employee leaves, a file is freed up. Part of the personnel file you keep for a fixed period, part had a shorter period and may go on departure, and application data or access passes certainly should not stay around forever. Make offboarding a fixed moment to clean the file, so that you are not, years later, keeping a stack of documents for which there is no longer a ground. The checklist is in the personnel file on departure.
Moment 9. After digitising
Whoever scans the archive often thinks the paper then vanishes by itself, but it actually stays put. As long as the originals sit in the attic, you have everything twice and run double the risk. As soon as the scan is complete and checked and the retention rules allow, you have the originals destroyed confidentially rather than keeping them alongside the digital version. Only a handful of originals with a statutory ground do you keep. How scanning and then destroying works is in digitising your archive and then destroying.
Moment 10. After a data breach or incident
A data breach painfully shows how much data you actually had in stock. After handling the incident is the moment to look at what should never have been there and to clear it out, so a next breach can reach less. Data minimisation is not only a principle up front, but also a clean-up afterwards. In the same round take along the data carriers you no longer use and have them physically destroyed. That way you turn an unpleasant incident into a reason to get your archive back in order.
How to turn these into fixed moments in 5 steps
- Put the recurring clean-up in the diary, at least once a year.
- Tie the events to a checklist, from a move to offboarding.
- Test each category against the retention period before you destroy anything.
- Take data carriers along in the same round as the paper.
- Ask for a certificate and record every round in your record of processing.
Planning a destruction round?
Tell us what you have and you get a fixed price. We collect it sealed, destroy it at the right DIN level and you receive a certificate for your GDPR file. No call-out charge within 20 km of Amsterdam.
Request a quoteFrequently asked questions
When must I have business documents destroyed?
As a rule at two kinds of moment. Recurring, as soon as a retention period ends and data has lost its purpose. And at events that set the archive in motion, such as a move, takeover, merger, bankruptcy, business closure or an employee's departure. Those are the moments when the most clutter and the most risk appear.
May I clear everything out at a move or takeover?
No, test against the retention period first. Administration falls under the seven-year tax retention obligation and some documents you keep longer. What is past the period and no longer serves a purpose may go. At a takeover the contract also decides what the buyer receives and what the seller destroys confidentially.
Is a data breach a reason to destroy more?
Often it is. After an incident it regularly turns out that more was in stock than was needed. Once the matter is settled you clear out the data you should no longer have kept, so a next breach can reach less. That clean-up is part of data minimisation.
Do I need a certificate for every destruction round?
For your own file, yes. The GDPR asks for accountability and without a certificate you cannot show what was destroyed, when and at what level. Ask for a certificate of destruction at every round and record the destruction in your record of processing.
Conclusion
The ten moments share a common thread. They are all a turning point at which the archive changes, and it is precisely then that you should clear out rather than push forward. Fix the annual clean-up in the diary and tie the events, from a move to a breach, to a fixed destruction round. Test against the retention period every time, take the data carriers along and ask for a certificate as proof. That way your archive stays small, current and in line with the GDPR.
Read also: 7 mistakes when destroying business documents, which documents you can destroy after 7 years and the GDPR retention periods cheatsheet.
Have business documents collected? Request a quote via desnipperaar.nl. Within a few minutes you have a fixed price, including a certificate as proof.