Law firm file management: the full lifecycle through to destruction
File management at a law firm is more than a tidy archive cabinet. It is the whole lifecycle of a matter file, from opening it at intake through file building, access control and retention to confidential destruction at the end. A firm that designs that cycle from start to finish meets the bar rules, keeps the GDPR sound and keeps confidentiality intact. This article walks through each stage.
Many firms think of file management mainly as the stage in which a file is created and maintained. The last stage, clearing out and destroying closed files, gets less attention. Yet that is exactly the stage where disciplinary and GDPR risks come together. Good file handling therefore starts with a plan for the whole life of the file, including the end.
What is good file management?
Good file management means you know at any moment which documents you have, where they are, who may access them and how long they still need to be kept. For a law firm that is not a luxury but a professional duty. A file that cannot be found endangers the client's interests. A file that stays too long becomes a GDPR risk. File management connects both sides in a working method you can explain to a client, to the bar or to the data protection authority.
For a law firm, document management is also a shared responsibility. Several lawyers and support staff work on the same files, often across years. A method that lives only in the head of an experienced assistant disappears the moment that person leaves. Good file management makes the agreements explicit, so a new team member understands within a day how a file is opened, kept and eventually destroyed. That transferability is precisely what a supervisor or the bar wants to see.
The lifecycle of a file
A matter file goes through a fixed sequence of stages. It is opened at intake, it grows during handling, it is closed after the last procedural act, it goes into the archive for the retention period and it is destroyed at the end. Each stage has its own requirements. A firm that sets up the early stages well makes the final stage simple. A file that was named and dated well from the start can later be selected for destruction without any discussion.
Paper versus digital files
Most firms work in a hybrid way. The matter administration sits digitally in a file system, while original deeds, signed settlement agreements and exhibits lie on paper in the cabinet. File management must cover both flows. It is a misconception that a digital firm no longer destroys paper. The paper originals are precisely what require careful destruction at the end. And the digital side has its own problem, because old drives and backups still hold personal data that must also be made illegible.
The bar rules in outline
The Dutch Advocatenwet, the bar regulation (Voda) and the conduct rules of the NOvA form the framework. They require availability of documents, confidentiality and security of the archive. File management is the practical implementation of that. We will not cover every rule here, because the detail is in our separate articles on the NOvA conduct rules and file handling and on Voda 16 and access control of the archive. For this overview what matters is that the framework touches the whole cycle, not only the handling.
Stage 1: opening the file at intake
File management begins at intake. The moment you accept an instruction, you open a file with a unique number, the client's name, the matter type and the lawyer in charge. A good start determines a lot. Intake also includes the client due diligence for matters that fall under anti-money-laundering rules. The data you gather there gets its own retention period. A firm that records the matter type when opening can later attach the right period without having to assess the file again.
Stage 2: file building and naming
During handling the file grows. Good file building means correspondence, procedural documents and notes are named and dated consistently. A fixed folder structure per matter type prevents documents from getting lost or being stored twice. This is the heart of file handling. It pays to agree on naming, version control and the place of originals. The tighter the file building, the easier you later determine what may go and what must return to the client.
Stage 3: access control
Confidentiality requires that only authorised people can reach a file. For paper that means a lockable archive, for digital files it means rights management and logging. The Voda sets concrete requirements here. Access control applies not only to active files but also to the archive of closed matters, which often stands for years. A full archive of old files is an attractive target. The detail on securing that archive is in our article on Voda 16 and access control.
Stage 4: setting retention periods
After closure the retention period begins. It differs per matter type. There is no single central law that prescribes one period for all lawyer files. Practice works with a combination of sources, from the general NOvA line to the seven-year tax retention duty for time records and invoices. For matters with client due diligence the anti-money-laundering period of five years after the end of the relationship applies. Set a period per matter type. An overview of common periods is in the GDPR retention periods cheatsheet.
When may a file be destroyed?
A file may only go once the retention period has passed and no live matter is attached to it. Before destruction you check that there is no disciplinary complaint, appeal or pending proceeding. Original deeds and certified documents go back to the client first. Files involving minors are often kept longer. The trade-off between destroying too early and too late we cover in detail in our article on destroying the lawyer file at end of case. Destroying too early is disciplinary culpable, too late is a GDPR breach.
Stage 5: archiving for the retention period
Between closure and destruction sits the archive stage. Here the file sometimes lies dormant for years. Good archiving means every file has a destruction date, so it does not stay indefinitely. Boxes that stand only in order of closure get forgotten. A simple period card per box or per file makes the difference. So the clear-out at the end becomes a routine rather than a search. The archive also stays compact, which benefits security and cost.
Stage 6: confidential destruction
The final stage is the destruction itself. Confidential files leave the office sealed and are destroyed to the right DIN level. For paper with personal data DIN 66399 P-4 is the minimum, for special data such as medical or criminal documents we advise P-5. The chain from collection to destruction stays closed, so no file goes missing on the way. That closed chain is called the chain of custody. We collect the files at your office. You do not have to bring anything yourself. The choice between P-4 and P-5 depends on the sensitivity of the documents in the file.
Digital data carriers in the same collection
File management does not stop at paper. Old hard drives, matter laptops, USB sticks and backup tapes from closed matters often still hold personal data. Those data carriers go in the same collection. Each carrier is destroyed to the right level, with the serial numbers on the certificate so the proof is traceable to the specific carrier. So in one go you clear out both the paper and the digital remains of closed matters. That prevents an old backup from lingering somewhere with data that should long have been gone. Those forgotten carriers are the biggest risk in a data breach, because nobody remembers exactly what is on them.
The certificate of destruction
After destruction you receive a certificate of destruction. It states the date, the quantity and the level applied. For data carriers the serial numbers are listed. This certificate is your proof towards the bar, an auditor or the data protection authority. Keep it in the firm file or in a fixed digital folder. Should a question or claim arise after destruction, the certificate shows the destruction took place in line with policy and period. Without proof, destruction becomes a vulnerability.
GDPR demonstrability
The GDPR asks not only that you clear out, but that you can show it. The accountability principle in article 5(2) applies to the whole life of personal data. A file past its period that was not demonstrably destroyed is a weak spot. The certificate, a note in the record of processing and a short destruction policy together form the proof that your file management is sound. For a law firm, GDPR demonstrability coincides with the disciplinary care you must already be able to show.
The practical advantage is that you cover both duties in one go. The same list of destroyed files, with date and certificate number, serves as proof towards the data protection authority and as accountability towards the bar. You do not need a separate administration for the GDPR alongside your file system. By recording the destruction at the moment it takes place, the proof stays current without having to be reconstructed later. Reconstruction afterwards is hard and rarely complete.
What does file destruction cost?
You pay a fixed price in advance, no loose rates afterwards. The amount depends on the quantity, from about 30 euro for the first box. For data carriers it is settled per item, with serial-number registration included. The certificate is always included in the price. Within 20 km of Amsterdam we charge no call-out fee. Beyond that radius we work nationwide via pooled routes, so a firm further away can also be served at a fair price. The full pricing is in archive destruction cost.
Common mistakes
- No destruction date per file. Without an end date everything stays indefinitely.
- Too low a DIN level. For special data P-5 is needed, not P-2.
- Destroying originals. Deeds and certified documents belong back with the client first.
- Forgetting the digital side. Old drives and backups otherwise stay behind with data.
- Not keeping a certificate. Without proof you cannot show the destruction.
File management step by step
- Open every file with number, client, matter type and handler.
- Build the file with fixed naming and a folder structure.
- Secure access for both active files and the archive.
- Attach a retention period and a destruction date per file.
- Check before destruction for live matters and originals.
- Have it collected sealed and destroyed to the right level.
- Keep the certificate in the firm file as proof.
A real-world example
Imagine a mid-sized law firm clears its archive for the first time in years. A staff member makes a list of all files past their period, sorted by matter type. Per file a last check follows for disciplinary complaint and pendency. The original deeds then go back to the clients involved. The remaining boxes move to a collection point. With them come three old matter laptops and a stack of backup tapes from closed matters. We collect everything sealed in one collection, destroy the paper at P-5 and the data carriers at material level. The firm receives a certificate with the serial numbers and archives it with the record of processing. In half a day, years of backlog are cleared, with conclusive proof.
An archive round for your law firm?
Tell us what is there and you get a fixed price in advance. We collect the files sealed, destroy paper and data carriers to the right level and you receive a certificate as proof. No call-out fee within 20 km of Amsterdam, nationwide via pooled routes.
Request a quoteFrequently asked questions
What is file management at a law firm?
File management is handling a matter file across its whole lifecycle, from opening the file at intake through file building, access control and retention to the final confidential destruction with a certificate.
When may a lawyer file be destroyed?
Only after the retention period, which differs per matter type, often at least five years after closure. Original documents go back to the client first and live matters stay retained.
At what DIN level are lawyer files destroyed?
For confidential files with personal data, DIN 66399 P-4 is the minimum. For special data such as medical or criminal documents we advise P-5.
Can old hard drives and backups go too?
Yes. Digital data carriers such as old drives, laptops and backup tapes from closed matters go in the same collection, each destroyed to the right level with serial numbers on the certificate.
Do I get proof of the destruction?
Yes. After destruction you receive a certificate of destruction with the date, quantity and level, which you keep in your firm file as proof for the GDPR and the bar.
Do you collect the files?
Yes. We collect the files sealed at your office within 20 km of Amsterdam with no call-out fee, and nationwide via pooled routes. There is always a fixed price in advance.
Conclusion
Good file management at a law firm is a chain that runs from intake to destruction. A firm that names every file well when opening it, attaches a retention period and secures access makes the clear-out at the end simple and demonstrable. The last link is the confidential destruction of paper and data carriers, with a certificate as proof. That way you meet the NOvA conduct rules, the Voda and the GDPR in one working method. File handling is then not an administrative burden but a form of careful management.
Have files destroyed? Request a quote via desnipperaar.nl or read when you may destroy the lawyer file at end of case. You receive a certificate as proof.
More from our knowledge base: Bailiffs: destroying attachment files.