Moving companies: destroying customer data
A moving company processes data that is surprisingly sensitive: a customer's old and new address, an inventory list of what is in the house, quotes and contracts, payment data and sometimes a storage contract. A mover thereby knows exactly what someone owns and where they now live. An old customer file on the street is not just a data breach, but also a burglary risk. This guide shows, by part, what you keep, when it may go and how to destroy it confidentially.
The quick answer: the administration you keep for seven years for the tax retention obligation. Quotes, inventory lists and address data you keep no longer than necessary for the job and a possible complaint. Storage contracts run longer, until the storage has ended. What may go disappears confidentially and with a certificate.
Why moving data is extra sensitive
A moving company's data looks everyday, but together it paints a complete picture. An inventory list shows what someone owns, from expensive equipment to a safe. The old and new address show that someone has moved and where they now live. For a bad actor that is a golden combination. So a moving file never belongs unshredded in the paper bin, even when it is years old.
The GDPR requires storage limitation, and here that weighs double. You keep the data no longer than necessary for the job and its settlement, and clear it out carefully afterwards. Only the tax administration has a fixed period of seven years.
Retention periods by part
The period differs per type of data. The overview below gives the main line. Count the tax period from the end of the financial year and the other periods from the completion of the move.
| Part | Starting point | Period |
|---|---|---|
| Invoicing and administration | Tax retention obligation | 7 years |
| Old and new address data | Until completion and complaint | purpose-bound |
| Inventory list | Sensitive, storage limitation | clear out after job |
| Quote and contract | Until settlement and tax | purpose-bound + 7 years |
| Storage contract | While the storage runs | + tax period |
| Key and access notes | Highly sensitive | clear out at once |
Use this as a guideline, not a final legal ruling. When in doubt about a specific file, consult your privacy adviser. The tax side is in the 7-year tax retention obligation.
Inventory lists and key notes separately
The inventory list and any key or access notes are the most sensitive parts. An inventory list hints at valuable items, and a note about a key or an alarm code is a direct security risk. Keep that information recognisably separate, use it only for the job and clear it out at once as soon as the move is completed. Certainly do not keep key data longer than strictly necessary.
That way you avoid a file you needed only for a move remaining a risk for years. Whatever you had on paper travels sealed for destruction.
Storage and long-running contracts
Many moving companies also offer storage. A storage contract often runs much longer than a move and again contains address and inventory data. As long as the storage runs, there is a valid purpose to keep the contract. As soon as the storage has ended and the tax period has expired, that purpose lapses. Assess per contract whether the storage really has ended before anything goes, and clear it out confidentially afterwards.
How to handle it in 6 steps
- Split the file into administration, address and inventory data, contracts and storage.
- Treat the inventory list and key notes separately and clear them out after the job.
- Assess per storage contract whether the storage has ended and the period expired.
- Keep the administration for the tax period.
- Collect what may go in sealed containers, not in the paper bin.
- Have it destroyed confidentially with a certificate and record it in your register.
Destroy confidentially with a certificate
Moving files are destroyed confidentially, because they contain address, inventory and sometimes key data. The paper and any data carriers travel sealed and stay that way until destruction, so the chain is closed. An old scheduling computer or backup with customer data belongs with it too.
Afterwards you receive a certificate of destruction with the date, quantity and level. That certificate is your proof towards the GDPR that you acted carefully. If you are moving an office yourself, office move: what to destroy shows how to approach it. We collect within 20 km of Amsterdam with no call-out charge, work nationwide through pooled collection rounds and charge a fixed price per box or roll container. Drop-off on site is not possible; it works by appointment through collection.
Moving files to be destroyed?
Tell us what you have and you get a fixed price. We collect it sealed, destroy it at the right DIN level and you receive a certificate for your GDPR file. No call-out charge within 20 km of Amsterdam.
Request a quoteCommon mistakes
- Keeping inventory lists forever. After the job the purpose lapses and only the risk remains.
- Throwing away address data unshredded. An old and new address on the street is a burglary risk.
- Leaving key and access notes lying around. Those should be cleared out at once.
- Forgetting storage contracts. After the end of the storage the file should go.
- Keeping no proof. Without a certificate you cannot demonstrate the destruction.
Frequently asked questions
How long does a moving company keep customer data?
The invoicing and administration fall under the seven-year tax retention obligation. Quotes, inventory lists and address data you keep no longer than necessary for the job and a possible complaint, after which you clear them out confidentially.
Why is an old moving file extra sensitive?
A moving company knows exactly what someone owns and where they now live. An old file with an inventory list and the new address on the street is not just a data breach, but also a burglary risk. So destroy carefully.
How long do I keep a storage contract?
A storage contract you keep while the storage runs and then for the tax period. As soon as the storage has ended and the period has expired, the purpose lapses and you clear it out confidentially.
How do I destroy moving files in line with the GDPR?
Confidentially and with a certificate of destruction. Paper and data carriers travel sealed and the destruction is recorded in the record of processing.
Conclusion
A moving company knows what people own and where they live, which makes the customer data extra sensitive. Keep the administration seven years, keep quotes and inventory lists while the job runs and treat key and access notes separately. Storage contracts you clear out as soon as the storage has ended. What may go you have destroyed confidentially with a certificate as proof. That way you prevent an old file from becoming a data breach and a burglary risk.
Read also: taxi companies: destroying ride data, car rental and leasing: destroying customer data, parking management: destroying licence-plate data and the GDPR retention periods cheatsheet.
Have moving files collected? Request a quote via desnipperaar.nl. Within a few minutes you have a fixed price, including a certificate as proof.
Related guides: Coach companies: destroying passenger data.
Also relevant: Equipment rental: destroying contracts and customer data.