HomeKnowledge base › Destroying client records as a bookkeeper
Financial

Bookkeeper: destroying old client records after the retention period

Bookkeeper having old client records destroyed after the retention period

A bookkeeper keeps a client's records for years. Ledgers, invoices, payslips, bank statements. Once the 7-year tax retention period has passed, that paper may go. Often it must go, because keeping it longer without a purpose clashes with the GDPR. This article shows when you may destroy old records, how to have them collected sealed and what proof you hold afterwards.

If you have worked for the same clients for years, the archive grows by itself. Each year a new set of binders is added and every client that stops leaves a complete set of records behind. At some point the storage room fills with files nobody needs any more. This is the overview for the bookkeeper who wants to clear that out structurally without running a tax or privacy risk.

Which client records does a bookkeeper hold?

A bookkeeper manages a complete set of financial records per client. There is everything in there: purchase and sales invoices, ledger accounts, bank statements, cash documents, VAT returns, annual accounts and often the payroll records. Many of those documents contain personal data. A payslip carries a citizen service number, an expense claim a name with a bank account, a return the private details of an entrepreneur. That makes the archive not just old paper but a collection of confidential data of your clients and their staff.

The 7-year tax retention period, briefly

The basic records fall under the 7-year tax retention obligation. The period starts on 1 January after the last relevant financial year. So an invoice from 2017 may only go from 1 January 2025. The full explanation with all exceptions is in the 7-year tax retention obligation. For a bookkeeper the core is simple: count seven full years and only then does the oldest financial year qualify for destruction. An overview per document type is in the GDPR retention periods cheatsheet.

Some documents 9 or 10 years

Not everything may go after seven years. If a client has real estate in the business, a revision period of nine years applies for VAT. Many firms round that up to ten years to avoid any risk. So the records around purchase, renovation and VAT revision of a business property stay longer than the ordinary bookkeeping. So check briefly per client whether real estate, a pending dispute or a tax reassessment plays a role. Only once those longer periods have also passed may the whole file leave.

When may client records actually go?

A file may only be destroyed once all periods on it have ended and nothing is still running. Draw a fixed line each year. All documents from financial year X may go from 1 January of year X plus eight, except where a longer period applies. If a client stops and the relationship ends, the retention period does not start again but you count on from the last financial year. So you prevent closed client files lying around for years while they could long since have been destroyed. A handy approach is to tie the clearing-out to the year-end close. Once you have just finished a financial year's returns, the oldest year comes free at the other end of the archive. By keeping that rhythm the archive breathes along with the years and a heap of expired files never builds up again.

After the period, clearing out is a GDPR duty

Many bookkeepers think keeping is always safer than throwing away. For personal data that is not true. The GDPR has the principle of storage limitation: you do not keep data longer than needed. If the tax period is at zero and there is no other purpose, keeping it longer is a breach. Old payslips with a citizen service number that stay in a binder for years past the period are a risk with no use. Clearing out is then not a free choice but an obligation. How to do that demonstrably is in demonstrable destruction for the GDPR.

The bookkeeper is usually a processor

Under the GDPR a bookkeeper often has a dual role. For the firm's own records he is a controller. For the records he keeps on behalf of a client he is usually a processor: the client sets the purpose and means, the firm carries it out. That means destruction of client data does not just happen on his own initiative, but according to the agreement with the client. Record in the data processing agreement that you destroy the records after the retention period. Then you act on instruction. The accountant side of this processor role is set out in detail in accountants and destroying client files.

Paper and digital records both

A modern set of client records consists of paper and data. The binders on the shelf, but also old backups, external drives and USB sticks with bookkeeping files. Both contain the same sensitive data and both call for secure destruction. A drive you only wipe or throw in the bin is often still readable with the right software. So hand over data carriers in the same collection as the paper. That way you cover the whole set of client records in one go, instead of neatly destroying the paper and forgetting the data.

The confidential collection service

You do not have to take the boxes away yourself. We collect the client records at your office. The documents go along sealed, so the chain from collection to destruction stays closed and no file goes missing on the way. You set out the boxes to be destroyed, we take them and destroy them. That is safer than an open bin standing on the kerb for days and it saves you a trip. The closed chain from start to finish is exactly what a supervisor expects with sensitive financial data. For a firm with client files that counts extra heavily, because you are responsible for someone else's data. A sealed collection shows the documents were at no point unattended, from your cabinet to destruction.

DIN P-4 and P-5 for paper

How finely the paper must be destroyed is set by the DIN 66399 standard. For ordinary records with personal data P-4 is the appropriate level. For documents with a citizen service number, such as payslips and returns, P-5 is the right lower limit, because reconstruction is then practically impossible.

LevelParticle sizeSuitable for
P-4Small particlesInvoices, ledgers, bank statements
P-5Very small particlesPayslips and returns with ID numbers

An ordinary office shredder often reaches only P-2 and is not made for hundreds of binders. External destruction to the right level is therefore not a luxury but the norm for a bookkeeper.

Data carriers in the same collection

Old backup drives, USB sticks and written-off workstations with bookkeeping files belong with the same clear-out. Hand them over in the collection and have them physically destroyed, not just wiped. On the certificate come the serial numbers, so the proof is traceable to the specific carrier. So you prevent the data of a closed client still sitting on a forgotten drive in the cupboard. Paper at P-5, data carriers at material level, all in a sealed collection.

The certificate of destruction

After the collection you receive a certificate of destruction. It states the date, the quantity and the DIN level applied, for data carriers supplemented with the serial numbers. A certificate per collection suffices. Note in your own records which client files were in that collection, then the proof is still traceable per client. Keep the certificate in your GDPR file and with the agreement sheet of the client concerned. At a question from the client or an inspection you can show with it in a few minutes that the records were cleared out neatly.

GDPR demonstrability and your accountability

The GDPR asks not only that you clear out, but that you can show it. That is called the accountability principle. For a bookkeeper as processor it means you must be able to show each client that their records were destroyed after the period. The certificate is the proof for that, the note in your record the context. So you prevent discussion if a client later asks where their old documents went. The answer is then a document with date and level, not a vague hunch that it was thrown out somewhere.

What does destroying client records cost?

You pay a fixed price in advance, no unexpected surcharges. The price depends on the volume, the number of boxes or roll containers, the DIN level and the number of data carriers. A first box starts around 30 euro, with the certificate included. The more you have collected in one go, the better the price per box. For a bookkeeper it therefore pays to do a yearly clear-out round rather than loose boxes. So you always know in advance where you stand. The full pricing is in archive destruction cost.

Amsterdam within 20 km and beyond

We collect the client records at your office. Within 20 km of Amsterdam we charge no call-out fee. If your office is further away, we work nationwide via pooled routes, so the trip is shared and the price stays sharp. You bring nothing away and you do not have to visit a fixed location. The collection always happens at your place, at a time that suits you, with a fixed price you know in advance.

Common mistakes

  • Keeping everything just in case. After the period, keeping personal data longer is precisely a GDPR breach.
  • Not informing the client. As a processor you destroy on instruction, record that in the data processing agreement.
  • Forgetting data carriers. Old drives with bookkeeping files otherwise remain a leak.
  • No certificate. Without proof you can show nothing to a client or supervisor.
  • Too low a level. For payslips with an ID number P-5 is needed, not the strips of an office shredder.

Cleared out in 5 steps

  1. Determine per client which financial years are past their period, watch for real estate and pending matters.
  2. Separate the boxes to be destroyed physically from the rest, so no mistake arises.
  3. Plan a sealed collection at your office, paper and data carriers together.
  4. Have it destroyed at P-4 or P-5, data carriers at material level.
  5. Keep the certificate and note which clients were in it.

A real-world example

Imagine a bookkeeper closes the relationship with a client who stopped years ago. In the cupboard there are still twelve binders of that client, the last financial year is 2016. The seven-year period expired on 1 January 2024 and there is no real estate or dispute. The bookkeeper checks that the data processing agreement says he destroys after the period. He sets out the twelve binders with an old backup drive of the same client. The collection happens sealed at the office, the paper goes at P-5 because there are payslips in it, the drive is physically destroyed. A week later the certificate is in the file, with the serial numbers of the drive on it. At the final settlement the bookkeeper can show the client that everything was cleared out neatly. No more full cupboard, no risk, conclusive proof.

Have client records destroyed with a certificate?

Tell us how many boxes and data carriers you have and you get a fixed price in advance. We collect it sealed at your office, destroy it to the right DIN level and you receive a certificate for your GDPR file. No call-out fee within 20 km of Amsterdam, nationwide via pooled routes.

Request a quote

Frequently asked questions

When may a bookkeeper destroy old client records?

Once the 7-year tax retention period has passed and no longer term or pending dispute applies. For real estate it is 9 or 10 years. After that, clearing out is even required under the GDPR.

Is a bookkeeper a processor or a controller?

For the records kept on behalf of a client the bookkeeper is usually a processor. The client sets the purpose and means, so destruction happens on the client's instruction and the data processing agreement.

Do I need a certificate per client?

A certificate per collection suffices, with date, quantity and DIN level. Note in your own records which client files were in that collection, so the proof is traceable per client.

Can paper and digital go in the same collection?

Yes. Paper binders and data carriers such as old backup drives and USB sticks can go in the same sealed collection, each destroyed to the right level, with the serial numbers on the certificate.

What does destroying client records cost?

You pay a fixed price per box or roll container, from about 30 euro for the first box, certificate included. Within 20 km of Amsterdam we charge no call-out fee.

Do I have to ask the client before destroying?

For records you keep as a processor, yes. Record in the data processing agreement that you destroy after the retention period, then you act on instruction and need not have each box confirmed separately.

Conclusion

For a bookkeeper, clearing out old client records is not a chore but a fixed part of careful work. Count the tax period through, allow for the longer periods for real estate and clear out afterwards. Do it as a processor according to the agreement with the client, take paper and data carriers together in a sealed collection and keep the certificate as proof. That way you win back storage space, meet the GDPR and can show each client that their records were destroyed neatly. A good approach for freelancer clients is in freelancer records destruction. Whoever also manages audit files reads on in destroying NBA working papers.


Ready to clear out the oldest client files? Request a quote via desnipperaar.nl. We collect it sealed at your office and you receive a certificate as proof for your GDPR file.