Municipalities: destroying citizen data and archive
A municipality manages the archive of a whole city: the population register, benefits, social-care and youth files, taxes, permits and passport applications. Unlike a company, a municipality may not decide for itself what can go. Two regimes determine that together: the Archives Act with its selection list, and the GDPR. This guide shows what must be kept permanently, what is destroyed after the period and how you have that part destroyed confidentially.
The quick answer: a municipality does not destroy archives at its own discretion, but under the selection list from the Archives Act. That appraises each process as permanent retention or destruction after a set period. What must be kept permanently goes to an archival repository and never disappears. What is on the destruction list and whose period has expired you have destroyed confidentially with a certificate.
Two regimes: Archives Act and GDPR
At a municipality two frameworks run together. The Archives Act governs which government information is kept permanently for the collective memory and which is destroyed over time. The GDPR governs that personal data is not kept longer than necessary. Often those two point the same way, but not always, and then the selection list is leading for the question of whether something must be kept or destroyed.
For you as a municipality this means you do not start from a loose period per document, but from the established appraisal per process. That appraisal tells you whether a document eventually goes to the archival repository or is destroyed at some point. Only once that question is answered does execution come into play.
The selection list: keep or destroy
The selection list appraises all the municipality's work processes. Each process gets the appraisal permanent retention or a destruction period. Documents appraised as permanent retention are eventually transferred to an archival repository, such as a regional or city archive, and are never destroyed. Documents with a destruction period are destroyed after that period expires, not earlier and not later than justified.
Destruction at a municipality is a formal act. A destruction list is drawn up of what is to be destroyed, and the destruction takes place with authorisation from the archivist. That way it remains verifiable what was destroyed and on what basis. The actual shredding of that part is the final step, and it is precisely that step that must happen confidentially and demonstrably.
Keep or destroy by type
The overview below gives the main line. The exact appraisal and period are in the selection list that applies to your municipality.
| Type of information | Starting point | Destination |
|---|---|---|
| Decisions, by-laws, council documents | Permanent retention | archival repository |
| Permits with lasting value | Permanent retention | archival repository |
| Benefit files (social assistance) | Destroy after period | destroy confidentially |
| Social-care and youth files | Destroy after period | destroy at fine level |
| Tax and collection documents | Destroy after period | destroy confidentially |
| Travel-document and licence applications | Destroy after period | destroy at fine level |
Use this as a guideline, not a substitute for the selection list. When in doubt about a process, consult your archivist or the established selection list. The general period logic is in the GDPR retention periods cheatsheet.
Social care, youth and other special data
Part of the municipal archive contains special-category personal data. Social-care and youth files concern health, family situation and care, and sometimes the safety of children. This data needs extra protection: fewer people may access it, it is secured separately and as soon as the period has expired it should disappear at a fine level. The national ID number, which runs through the whole archive, deserves that same care.
So treat this part separately in your destruction process. What is on the destruction list and whose period expires travels sealed and is finely shredded, so nothing remains reconstructable. That way you meet the Archives Act and the GDPR at the same time.
How to handle it in 6 steps
- Determine the appraisal per process on the basis of the selection list.
- Separate the permanently retained documents for transfer to the archival repository.
- Draw up a destruction list of what may be destroyed after the period.
- Request authorisation from the archivist for the destruction.
- Have it destroyed confidentially at a fine level, with special care for social care and youth.
- Keep the certificate as proof attached to the destruction list.
Destroy confidentially with a certificate
The part that the selection list allows to be destroyed you have destroyed confidentially at a fine level, because it contains a national ID number and often special data. The paper and any data carriers travel sealed and stay that way until destruction, so the chain is closed. When clearing out old systems, the digital carriers belong with it too.
Afterwards you receive a certificate of destruction with the date, quantity and level. That certificate belongs as proof with the destruction list and demonstrates that the destruction was done carefully and demonstrably. We collect within 20 km of Amsterdam with no call-out charge, work nationwide through pooled collection rounds and charge a fixed price per box or roll container. Drop-off on site is not possible; it works by appointment through collection.
Municipal archive to be destroyed after the period?
Tell us what the selection list allows to go and you get a fixed price. We collect it sealed, destroy it at a fine DIN level and you receive a certificate for your destruction list. No call-out charge within 20 km of Amsterdam.
Request a quoteCommon mistakes
- Deciding for yourself what can go. The selection list and the archivist determine that, not the individual department.
- Destroying permanently retained documents. Those belong in the archival repository, not the shredder.
- Treating social-care and youth files as ordinary paper. Special data requires a fine level.
- Disposing of it unshredded. Citizen data on the street is a reportable data breach.
- Keeping no certificate. Without proof the destruction list is not complete.
Frequently asked questions
May a municipality decide for itself what is destroyed?
No. A municipality works with the Archives Act and the selection list. It determines, per type of document, whether it must be kept permanently or destroyed after a set period. Destruction is based on a destruction list and with authorisation from the archivist.
What is the difference between keeping and destroying on the selection list?
The selection list appraises each process. Documents appraised as permanent retention eventually go to an archival repository and are never destroyed. Documents with a destruction period are destroyed after that period expires.
Do extra rules apply to social-care and youth files?
Yes. Social-care and youth files contain special-category personal data on health and family situation. They require extra security, their own retention period and destruction at a fine level as soon as that is allowed.
How does a municipality destroy confidentially?
The documents to be destroyed travel sealed and are shredded at a fine level. Afterwards a certificate of destruction records what was destroyed, when and at which level, as proof attached to the destruction list.
Conclusion
A municipality does not destroy archives at its own discretion, but under the Archives Act and the selection list, with the GDPR alongside. Determine the appraisal per process, transfer permanently retained documents to the archival repository and draw up a destruction list for the rest with authorisation from the archivist. The part to be destroyed, with a national ID number and often special data, you have destroyed confidentially at a fine level, with a certificate as proof. That way you keep what must remain the city's memory and the rest disappears safely.
Read also: childcare: destroying child and parent records, pension funds: destroying member data, destroying election material and ballot papers and the GDPR retention periods cheatsheet.
Have a municipal archive collected? Request a quote via desnipperaar.nl. Within a few minutes you have a fixed price, including a certificate as proof.
Related sector guides: Libraries: destroying borrowing and member data.