HomeKnowledge base › Debt counselling and record destruction
Debt help

Debt counselling and administration: destroying client files

Client files of a debt counsellor and administrator ready for confidential destruction

A debt counsellor, protective administrator or budget manager works with the most vulnerable people and with files full of sensitive data: income, debts, creditors, attachments, a national ID number and sometimes medical or psychosocial information. These files demand the highest care, both in keeping and in destroying. This guide shows, by part, what you keep, when it may go and how to destroy it confidentially.

The quick answer: the financial administration you keep for seven years for the tax retention obligation. The substantive client file you keep until a set period after completion of the trajectory or administration, after which it may go. Because the files are highly sensitive, you destroy at a fine level, with a certificate as proof.

Why these files demand the highest care

In a debt-counselling or administration file almost everything sensitive comes together. Someone's income and expenses, the outstanding debts, the creditors, attachments and sometimes the reason behind the problems, such as a divorce, illness or addiction. That last category touches on medical and psychosocial data, which is special-category personal data. Together this forms one of the most far-reaching files there is.

The people involved are moreover vulnerable and dependent. A data breach with a debt-counselling file hits someone who is already struggling extra hard. So here both storage limitation and the level of destruction weigh heavily. Do not keep longer than necessary and destroy so that nothing remains reconstructable.

Retention periods by part

The period differs per type of data. The overview below gives the main line. Count the tax period from the end of the financial year and the other periods from the completion of the trajectory or administration.

PartStarting pointPeriod
Financial administrationTax retention obligation7 years
Final account and justificationAudit and limitationseveral years
Substantive client filePolicy and applicable rulesperiod after completion
Medical or psychosocial dataSpecial-category datadestroy finely
Correspondence and draftsNo retention obligationclear out at once
Data carriers at end of trajectoryWipe or destroyafter transfer

Use this as a guideline, not a final legal ruling. Set the exact period in your own policy, matching the rules for your form of service. The tax side is in the 7-year tax retention obligation.

Administration runs long, so does the file

Protective administration can last years and sometimes the rest of someone's life. As long as the administration runs, there is a valid purpose to keep the file complete. Only after the administration ends, through termination or death, does the wind-down begin. You then still keep the final account and the justification for an audit and limitation period, so you can show everything if the court or an heir asks.

Assess per file whether a running matter is still in play after the end, such as a dispute or a settlement. If not and the period has expired, this sensitive file too should be destroyed confidentially. Keeping just in case is not a valid ground under the GDPR.

Medical and psychosocial data separately

Where a file contains data about health, addiction or a mental situation, this is special-category personal data with stricter rules. Keep this data recognisably separate, allow it only to those who need it and destroy it at a fine level as soon as it is no longer needed. That way you avoid a whole file inheriting the longest period of its most sensitive part.

Debt-counselling clients sometimes also appear at other parties, such as an energy company with a payment arrangement. How that side handles payment files is in energy and utilities: destroying customer data.

How to handle it in 6 steps

  1. Split the file into administration, justification, substantive file and special data.
  2. Clear out drafts and correspondence without a retention obligation confidentially at once.
  3. Treat medical and psychosocial data separately and at a fine destruction level.
  4. Assess per file whether the trajectory or administration is completed and the period expired.
  5. Collect what may go in sealed containers, not in the paper bin.
  6. Have it destroyed confidentially with a certificate and record it in your register.

Destroy confidentially with a certificate

Client files are destroyed confidentially at a fine level, because they contain a national ID number, financial data and sometimes medical information. The paper and any data carriers travel sealed and stay that way until destruction, so the chain is closed. An old computer or backup with files belongs with it too.

Afterwards you receive a certificate of destruction with the date, quantity and level. That certificate is your proof towards the GDPR and the court that you acted carefully. Record the destruction in your GDPR administration. We collect within 20 km of Amsterdam with no call-out charge, work nationwide through pooled collection rounds and charge a fixed price per box or roll container. Drop-off on site is not possible; it works by appointment through collection.

Client files to be destroyed?

Tell us what you have and you get a fixed price. We collect it sealed, destroy it at a fine DIN level and you receive a certificate for your GDPR file. No call-out charge within 20 km of Amsterdam.

Request a quote

Common mistakes

  • Keeping the whole file for the same period. Administration, justification and substantive file have different periods.
  • Keeping just in case. After completion and limitation the purpose lapses.
  • Treating medical and psychosocial data as ordinary paper. That is special data.
  • Throwing away unshredded. A debt-counselling file on the street is a serious data breach affecting a vulnerable person.
  • Keeping no proof. Without a certificate you cannot demonstrate the destruction.

Frequently asked questions

How long does a debt counsellor keep a client file?

The financial administration falls under the seven-year tax retention obligation. The substantive client file you keep until a set period after completion of the trajectory, based on your policy and the applicable rules, and clear out afterwards.

How long does an administrator keep a file after the administration ends?

Protective administration can run for years or for life. After it ends you keep the final account and justification for an audit and limitation period, after which the file may go. Assess per file whether a running matter is still in play.

Are debt-counselling files special-category personal data?

They contain highly sensitive financial data and sometimes medical or psychosocial information, which is special-category personal data. So treat the file with extra care and destroy it at a fine level.

How do I destroy client files in line with the GDPR?

Confidentially and at a fine level, with a certificate of destruction. Paper and data carriers travel sealed and the destruction is recorded in the record of processing.

Conclusion

A debt-counselling or administration file is among the most sensitive there is, with financial, medical and psychosocial data of vulnerable people. Keep the administration seven years, keep the justification for the audit and limitation period and assess per file whether the trajectory or administration is completed. What may go you have destroyed confidentially at a fine level, with a certificate as proof. That way you do justice to the people behind the files and stand with proof in hand in an audit.

Read also: energy and utilities: destroying customer data, funeral directors: destroying records confidentially, security firms: destroying screening and incident reports and the GDPR retention periods cheatsheet.


Have client files collected? Request a quote via desnipperaar.nl. Within a few minutes you have a fixed price, including a certificate as proof.