
Insurers: destroying claim and policy files


An insurer, authorised agent or brokerage manages mountains of sensitive data: policy files, claims, medical underwriting, benefits and fraud files. Each has its own retention period and its own risk. Keep it too long and you hold personal data without a purpose. Keep it too short and you are left empty-handed in a claim or audit. This guide shows, by file type, what you keep, when it may go and how to destroy it confidentially.

The quick answer: there is no single fixed period for insurance files. Keep the administration for at least seven years for the tax retention obligation, keep claim files until the claim's limitation period has expired, and treat medical underwriting data as special-category personal data. Whatever may go after that is destroyed confidentially, with a certificate.

Why insurance files need extra care

Insurance files are not ordinary administration. A claim file often contains a national ID number, financial data, sometimes medical information and data of third parties such as witnesses or counterparties. With life and disability insurance, health data from medical underwriting is added. That makes an insurance archive one of the most sensitive there is, and a data breach in it correspondingly damaging.

So here it counts double that you do not keep longer than necessary. The GDPR requires storage limitation, and with this data that weighs heavily. At the same time the sector has long limitation periods and liability risks, which makes destroying too early risky as well. The art is to know the right period per file type.

Retention periods by file type

The period depends on the file type and on what it contains. The overview below gives the main line. Count tax periods from the end of the financial year and limitation periods from the settlement of the claim.

File type                              | Starting point                 | Period
Administration and bookkeeping         | Tax retention obligation       | 7 years
Policy file, running insurance         | Keep while the policy runs     | + limitation
Claim file after settlement            | Until limitation has expired   | often a few years
Medical underwriting data              | Special-category data          | purpose-bound
Client due diligence (AML or conduct)  | After the relationship ends    | 5 years
Fraud and incident data                | Own protocol and register      | differing

Use this as a guideline, not a final legal ruling. The exact limitation period differs per insurance type and situation. When in doubt about a specific file, consult your compliance department or legal adviser. The tax side is covered in the article on the 7-year tax retention obligation.

Medical underwriting data and other special categories

Health data from medical underwriting, a medical examination or a disability claim is special-category personal data. Stricter rules apply: fewer people may access it, it is secured separately, and it should disappear as soon as the purpose has expired. For destruction that means a fine level, because this data must under no circumstances remain reconstructable.

Keep this category recognisably separate from ordinary administration in your archive. That way you avoid a whole file inheriting the longest period of its most sensitive document, and you can destroy the medical data specifically as soon as that is allowed. Set out in your policy who has access and at what level destruction takes place.

AML, conduct rules and the five-year period

If you fall under anti-money-laundering or conduct-of-business rules as an insurer, authorised agent or intermediary, a five-year retention period applies to client due diligence after the relationship ends. That period is separate from the seven-year tax period and from the limitation of a claim. In practice it means a file can carry several periods at once, each for a different part.

So split the file into parts with their own end date, just as with a personnel file. That way you keep the client due diligence for its five years, the administration for its seven and the rest shorter. More on these periods in the articles on the AML five-year client due diligence and on conduct-of-business files kept for 5 years.

Fraud and incident data

Insurers keep fraud and incident data, often in an internal incident register and sometimes in a sector-wide system. This data has its own protocols and periods, which can differ from ordinary retention periods. Treat it separately and follow the protocol that applies to your organisation, because here in particular keeping it too long and keeping it too short are both sensitive.

Whatever falls outside those protocols and whose purpose has expired should, like the rest, be destroyed confidentially. Record the destruction in your record of processing, so you can demonstrate what disappeared when and at which level.

How to handle it in 6 steps

  1. Split each file into parts and note the end date per part.
  2. Mark the special data, such as medical underwriting data, separately.
  3. Keep the AML and conduct periods for client due diligence.
  4. Assess claim files for limitation and running claims.
  5. Collect what may go in sealed containers, not in the paper bin.
  6. Have it destroyed confidentially with a certificate and record it in your register.

Destroy confidentially with a certificate

Insurance files are destroyed confidentially at a fine level, because they often contain a national ID number, financial and medical data. The paper and any data carriers travel sealed and stay that way until destruction, so the chain is closed. In a system migration or when clearing out old servers, the digital carriers belong with it too.

Afterwards you receive a certificate of destruction with the date, quantity and level. That certificate is your proof towards the GDPR and the regulator that you acted carefully. Record the destruction in your record of processing. We collect within 20 km of Amsterdam with no call-out charge, work nationwide through pooled collection rounds and charge a fixed price per box or roll container. Drop-off on site is not possible; it works by appointment through collection.

Insurance files to be destroyed?

Tell us what you have and you get a fixed price. We collect it sealed, destroy it at a fine DIN level and you receive a certificate for your GDPR file. No call-out charge within 20 km of Amsterdam.


Common mistakes

  • Keeping a file on a single period. Different parts have different end dates.
  • Not treating medical data separately. Special-category data needs extra security and a fine destruction level.
  • Forgetting the AML period. Client due diligence has its own five-year period.
  • Throwing away unshredded. A claim file on the street is a reportable data breach.
  • Keeping no proof. Without a certificate you cannot demonstrate the destruction.

Frequently asked questions

How long must an insurer keep a claim file?

There is no single fixed period. Keep the administration for at least seven years for the tax retention obligation and the file until the claim's limitation period has expired, often a few years after settlement. If there is a running claim or dispute, you keep it longer.

Is medical underwriting data special-category personal data?

Yes. Health data from medical underwriting or a disability claim is special-category personal data. It requires extra security and destruction at a fine level as soon as the purpose has expired.

Do the AML periods apply to authorised agents?

For parties under anti-money-laundering or conduct-of-business rules a five-year retention period applies to client due diligence after the relationship ends. That is separate from the seven-year tax period and the limitation of a claim.

How do I destroy insurance files in line with the GDPR?

Confidentially and at a fine shred level, with a certificate of destruction as proof. Paper and data carriers travel sealed and the destruction is recorded in the record of processing.

Conclusion

An insurance archive is one of the most sensitive there is, with national ID numbers, financial and medical data mixed together. There is no single period that applies everywhere. Split each file into parts, keep the tax records seven years and the AML records five years, assess claim files for limitation and treat medical data separately. Have whatever may go after that destroyed confidentially at a fine level, with a certificate as proof. That way you keep nothing too long and nothing too short, and stand with proof in hand in an audit or breach.



Have insurance files collected? Request a quote via desnipperaar.nl. Within a few minutes you have a fixed price, including a certificate as proof.