
Energy and utilities: destroying customer data

An energy company's customer and meter files ready for confidential destruction

An energy supplier, grid operator or utility company manages the data of hundreds of thousands of households: contracts, meter readings, consumption profiles, payment and collection files and connection data. Part falls under the tax retention obligation, part is extra sensitive and should be kept as briefly as possible. This guide shows, by type of data, what you keep, when it may go and how to destroy it confidentially.

The quick answer: keep invoicing and administration for seven years under the tax retention obligation. Keep contract and customer data while the contract runs and while an obligation is still in play. Keep detailed consumption data and collection files as briefly as possible. What may go is destroyed confidentially and with a certificate.

Why energy data needs extra care

Energy data looks dull, but reveals a surprising amount. Detailed consumption data from a smart meter shows when someone is home, when a household sleeps and whether anyone is on holiday. That makes this data sensitive, even though it contains no medical or criminal detail. In addition, a customer file often holds payment data, an address and sometimes information about payment problems.

The GDPR requires storage limitation, and with consumption data that weighs heavily. At the same time the administration carries a tax retention obligation and long limitation periods sometimes apply to collection. The art is to know the right period per type of data instead of keeping everything the same length.

Retention periods by type of data

The period depends on the type of data. The overview below gives the main line. Count the tax period from the end of the financial year and the other periods from the end of the contract or the settlement.

| Type of data | Starting point | Period |
| --- | --- | --- |
| Invoicing and administration | Tax retention obligation | 7 years |
| Contract and customer data | While the contract runs | + running obligation |
| Meter readings for billing | Tied to invoicing | 7 years |
| Detailed consumption data | Sensitive, storage limitation | as briefly as possible |
| Collection and arrears file | Until settlement and limitation | purpose-bound |
| Connection and technical data | While the connection exists | + aftercare |

Use this as a guideline, not a final legal ruling. When in doubt about a specific file, consult your data protection officer or legal adviser. The tax side is in the 7-year tax retention obligation.

Consumption data and the smart meter

Detailed consumption data is the most sensitive part of an energy file. The finer the measurement, the more it says about a household's daily life. So keep this data as briefly as possible and no longer than needed for billing or another concrete ground. What you needed for invoicing can often be reduced to a periodic meter reading once the detailed series has served its purpose.

Keep consumption data recognisably separate from ordinary administration in your systems. That way you avoid detailed profiles travelling along for years with a customer file kept for another reason. When you destroy this data, include the data carriers it has been stored on.

Collection and arrears files

When payment problems arise, a collection file is created with sensitive information about a customer's financial situation. You keep such files until the claim has been fully settled and the limitation period has expired. After that the purpose lapses and they should go. Keeping just in case is not a valid ground under the GDPR.

Clear these files out confidentially, not into the paper bin, because they contain payment data and information about debts. Customers with payment problems sometimes also appear in debt counselling, on which you read more in debt counselling and administration: destroying client files.

How to handle it in 6 steps

  1. Split the customer file into administration, consumption data and collection.
  2. Note the period per part, counted from financial year, contract or settlement.
  3. Limit consumption data to what the purpose requires and keep it separate.
  4. Assess collection files for settlement and limitation.
  5. Collect what may go in sealed containers, not in the paper bin.
  6. Have it destroyed confidentially with a certificate and record it in your register.

Destroy confidentially with a certificate

Energy files are destroyed confidentially, because they contain payment data, addresses and sensitive consumption profiles. The paper and the data carriers travel sealed and stay that way until destruction, so the chain is closed. In a system migration or when clearing out old servers, the digital carriers belong with it too.

Afterwards you receive a certificate of destruction with the date, quantity and level. That certificate is your proof towards the GDPR and the regulator that you acted carefully. Record the destruction in your record of processing. We collect within 20 km of Amsterdam with no call-out charge, work nationwide through pooled collection rounds and charge a fixed price per box or roll container. Drop-off on site is not possible; it works by appointment through collection.

Energy files to be destroyed?

Tell us what you have and you get a fixed price. We collect it sealed, destroy it at the right DIN level and you receive a certificate for your GDPR file. No call-out charge within 20 km of Amsterdam.


Common mistakes

  • Keeping everything the same length. Administration, consumption data and collection have different periods.
  • Keeping consumption profiles too long. Detailed data should be kept as briefly as possible.
  • Keeping collection files just in case. After settlement and limitation the purpose lapses.
  • Throwing away unshredded. Payment data on the street is a reportable data breach.
  • Keeping no proof. Without a certificate you cannot demonstrate the destruction.

Frequently asked questions

How long does an energy company keep customer data?

Invoicing and administration fall under the seven-year tax retention obligation. Keep contract and customer data while the contract runs and afterwards for running obligations, after which it may go.

Is smart-meter consumption data sensitive?

Yes. Detailed consumption data shows when someone is home and how a household lives. You keep that data as briefly as possible and no longer than the purpose requires.

How long do I keep a collection or arrears file?

Until the claim has been settled and the limitation period has expired. After that the purpose lapses and you clear the file out confidentially, not into the paper bin.

How do I destroy energy files in line with the GDPR?

Confidentially and with a certificate of destruction. Paper and data carriers travel sealed and the destruction is recorded in the record of processing.

Conclusion

An energy company manages data that reveals more than it seems, from consumption profiles to payment problems. So do not treat the customer file as a single whole. Keep the administration for seven years, limit detailed consumption data to what the purpose requires and clear out collection files as soon as they are settled. Have what may go destroyed confidentially, with a certificate as proof. That way you keep nothing too long and have proof in hand in an audit or breach.



Have energy files collected? Request a quote via desnipperaar.nl. Within a few minutes you have a fixed price, including a certificate as proof.