Jewellers: destroying customer data and the Wwft
A jeweller processes more sensitive data than most shops. Think of customer data and purchase history, valuation and repair receipts and, for large cash payments, a copy of an identity document under the Wwft. On top of that, cameras run in the shop. Part falls under the tax retention obligation, part under the Wwft, and part should be kept as briefly as possible. This guide shows, by part, what you keep, when it may go and how to destroy it confidentially.
In short: you keep the administration for seven years under the tax retention obligation. You keep the client investigation under the Wwft, including the copy of an identity document, for five years after the transaction or the end of the relationship. You keep customer data and purchase history that have no further ground no longer than necessary. You keep CCTV footage for about four weeks. Whatever may go is destroyed confidentially and with a certificate.
Two frameworks side by side
At a jeweller, two legal frameworks apply side by side. The Wwft requires you, for cash transactions above the statutory threshold, to carry out client investigation, recording the data and often a copy of the identity document. That record has its own retention period of five years. Alongside this the GDPR applies, which requires that personal data is not kept longer than necessary. The Wwft sets the floor for what you must record, the GDPR the ceiling for how long you may keep it.
So treat the data per type. A Wwft file has a different status than an ordinary till receipt or a loyalty card with purchase history. If you make that distinction, you keep exactly what you must and clear out the rest on time.
Retention periods by part
The period differs per type of data. The overview below gives the main outline. Count the tax period from the end of the financial year and the Wwft period from the transaction or the end of the customer relationship.
| Part | Starting point | Period |
|---|---|---|
| Invoicing and administration | Tax retention obligation | 7 years |
| Wwft client investigation | Wwft retention period | 5 years |
| Copy of identity document | Only what the Wwft requires | 5 years, then gone |
| Customer data and purchase history | GDPR storage limitation | purpose-bound |
| Valuation and repair receipts | Purpose-bound + tax | purpose-bound + 7 years |
| Shop CCTV footage | GDPR guideline | about 4 weeks |
Use this as a guideline and not as a substitute for the statutory rules. When in doubt, consult your trade body or privacy adviser. The background to the Wwft period is in Wwft 5-year client investigation.
The Wwft and the copy of the identity document
If you deal in goods and receive a cash payment of 10,000 euro or more, the Wwft prescribes client investigation. You establish the customer's identity and record the data. Often this means you keep a copy or scan of a passport or identity card. Such a copy contains a national ID number, a photo and more than you need for the sale, and is therefore sensitive. Keep only what the Wwft requires and keep it separate from the ordinary shop administration.
After the statutory period of five years, the ground to keep the Wwft file lapses. At that point, destroy the copy confidentially instead of leaving it in an old binder. You can read how to handle an ID copy carefully in safely destroying passport and ID copies.
Customer data, purchase history and repair receipts
A jeweller often records what a customer has bought, what size a ring is and what repair or valuation was done. That purchase history is convenient for service, but it remains a collection of personal data that a burglar or fraudster finds valuable. A list of names, addresses and expensive purchases is sensitive. So keep the history no longer than necessary for warranty, service or an ongoing dispute and clear out valuation and repair receipts once the purpose has lapsed.
Do not keep anything just because it might come in handy one day, because that is not a valid ground. How you handle customer data on paper and digitally is comparable to a webshop that processes order and customer data.
CCTV footage in the shop
Almost every jeweller puts up cameras against robberies and theft. That footage is personal data, because customers and staff are recognisable on screen. For ordinary security footage the guideline is a retention period of about four weeks. If there is an incident, you may keep the relevant footage longer until the matter is settled. Do not keep months of footage by default without reason.
When you erase the footage after the period, make sure it is actually and reliably erased. If you throw away an old recorder or hard drive, have it physically destroyed. You can read more on the period in CCTV footage retention and destruction.
How to handle it in 6 steps
- Split the data into administration, Wwft file, customer history and CCTV footage.
- Record the client investigation for cash payments above the threshold and keep it separate.
- Limit the copy of the identity document to what the Wwft requires.
- Clear out purchase history and receipts once the purpose lapses.
- Collect what may go in sealed containers, not in the paper bin.
- Have it destroyed confidentially with a certificate and record it in your register.
Destroy confidentially with a certificate
Customer data and Wwft files are destroyed confidentially, because they contain identity, payment and valuable purchase data. The paper and any data carriers travel sealed and stay that way until destruction, so the chain is closed. An old till computer, camera recorder or backup with customer data belongs with it too.
Afterwards you receive a certificate of destruction with the date, quantity and level. That certificate is your proof under the GDPR that you acted carefully. Record the destruction in your record of processing. We collect within 20 km of Amsterdam with no call-out charge, work nationwide through pooled collection rounds and charge a fixed price per box or roll container. Drop-off on site is not possible; it works by appointment through collection.
Customer data to be destroyed?
Tell us what you have and you get a fixed price. We collect it sealed, destroy it at the right DIN level and you receive a certificate for your GDPR file. No call-out charge within 20 km of Amsterdam.
Common mistakes
- Keeping Wwft copies too long. After five years the ground lapses.
- Keeping purchase history forever. Without a purpose it is a risk in a burglary.
- Keeping CCTV footage for months. The guideline is about four weeks.
- Throwing away unshredded. A customer list on the street is a reportable data breach.
- Keeping no proof. Without a certificate you cannot demonstrate the destruction.
Frequently asked questions
Must a jeweller keep a copy of an identity document for cash payments?
For cash transactions at or above the statutory threshold of 10,000 euro, the Wwft requires client investigation. You establish the identity and record the data, often with a copy of the identity document. You keep that record for five years and then destroy it confidentially.
How long does a jeweller keep valuation and repair receipts?
The administrative side falls under the seven-year tax retention obligation. You keep the personal data on valuation and repair receipts no longer than necessary for warranty, service or an ongoing dispute. After that you clear it out confidentially.
How long may CCTV footage in the shop be kept?
For ordinary security footage the guideline is about four weeks. In the event of an incident you may keep the relevant footage longer until the matter is settled. After that you erase it reliably or have the data carrier destroyed.
How do I destroy customer data in line with the GDPR?
Confidentially and with a certificate of destruction. Paper and data carriers travel sealed and the destruction is recorded in the record of processing.
Conclusion
A jeweller works with identity, payment and valuable purchase data, between the Wwft and the GDPR. Record the client investigation for large cash payments and keep it for five years, keep the administration for seven years and be restrained with copies of identity documents. Clear out purchase history, valuation and repair receipts once the purpose lapses and keep CCTV footage only briefly. Have what may go destroyed confidentially, with a certificate as proof. That way you meet both frameworks and protect your customers' data.
Have customer data collected? Request a quote via desnipperaar.nl. Within a few minutes you have a fixed price, including a certificate as proof.