HomeKnowledge base › Museums and donor data
Museums

Museums: destroying donor and ticket data

A museum's donor and membership records ready for confidential destruction

A museum processes far more personal data than just a ticket. The friends and members administration, donors and bequests, ticket and reservation data, membership cards, school visits with children's data and the CRM for fundraising all come together. Part falls under the tax retention obligation, part is precisely sensitive and should be kept as briefly as possible. This guide shows, by part, what you keep, when it may go and how to destroy it confidentially.

The quick answer: the financial administration you keep for seven years for the tax retention obligation. The membership records and donor data you keep while the relationship runs and for a short period afterwards. Data about bequests and gifts is sensitive and you treat it separately. What may go disappears confidentially and with a certificate.

Why a museum manages sensitive data

A museum seems to be mostly about art and collection, but around the organisation it is about people. The friends and donors are the financial base, and their data is about more than a name. The size of a gift, a pledge for a legacy or a conversation about a bequest says something about a person's financial situation and personal wishes. That makes this information sensitive, even though it contains no medical or criminal detail.

In addition you process ticket and reservation data, data of school classes with children and sometimes accessibility needs. The GDPR requires storage limitation, and with donor and children's data that weighs heavily. Do not keep longer than necessary and destroy so that nothing remains reconstructable.

Retention periods by part

The period differs per type of data. The overview below gives the main line. Count the tax period from the end of the financial year and the other periods from the end of the relationship or the visit.

PartStarting pointPeriod
Financial administrationTax retention obligation7 years
Friends and membership recordsWhile membership runs+ short period
Donor and bequest dataSensitive, storage limitationdestroy finely
Ticket and reservation dataUntil settlementpurpose-bound
School visits (children)Extra protectionclear out after visit
Correspondence and draftsNo retention obligationclear out at once

Use this as a guideline, not a final legal ruling. When in doubt about a specific file, consult your data protection officer or adviser. The tax side is in the 7-year tax retention obligation.

Treating donors and bequests separately

The data about donors and bequests is the most sensitive. Who gives what amount, who has pledged a legacy or with whom a conversation about a gift is ongoing, is information you manage carefully and do not share widely. Keep this data recognisably separate, allow it only to those who need it and destroy it at a fine level once the purpose has lapsed. That way you avoid an old donor list with gift amounts lingering for years.

Fundraising and CRM run on consent and on a clear purpose. If that purpose lapses, for example because a donor unsubscribes, you clear out the data. Keeping it to send a request one day is not a valid ground without consent.

School visits and children's data

Education is a core task of many museums, and school visits bring children's data along: class lists, contact details of supervisors and sometimes an accessibility need. Data of children enjoys extra protection under the GDPR. Use it only for the visit and clear it out afterwards. That way you do not keep a database of children's data that no longer serves a purpose.

How to handle it in 6 steps

  1. Split the data into administration, membership records, donors and ticket data.
  2. Treat donor and bequest data separately and at a fine destruction level.
  3. Clear out school-visit data as soon as the visit is completed.
  4. Assess per relationship whether the membership has ended and the short period is past.
  5. Collect what may go in sealed containers, not in the paper bin.
  6. Have it destroyed confidentially with a certificate and record it in your register.

Destroy confidentially with a certificate

Donor, member and ticket data is destroyed confidentially, because it contains financial and sometimes sensitive information. The paper and any data carriers travel sealed and stay that way until destruction, so the chain is closed. An old membership-administration computer or backup with donor data belongs with it too.

Afterwards you receive a certificate of destruction with the date, quantity and level. That certificate is your proof towards the GDPR that you acted carefully. Record the destruction in your record of processing. We collect within 20 km of Amsterdam with no call-out charge, work nationwide through pooled collection rounds and charge a fixed price per box or roll container. Drop-off on site is not possible; it works by appointment through collection.

Donor or ticket data to be destroyed?

Tell us what you have and you get a fixed price. We collect it sealed, destroy it at the right DIN level and you receive a certificate for your GDPR file. No call-out charge within 20 km of Amsterdam.

Request a quote

Common mistakes

  • Keeping old donor lists just in case. Without a purpose they should be cleared out.
  • Treating bequest data as ordinary administration. Gift amounts and legacies are sensitive.
  • Keeping children's data from school visits. You clear that out after the visit.
  • Throwing away unshredded. A donor list on the street is a reportable data breach.
  • Keeping no proof. Without a certificate you cannot demonstrate the destruction.

Frequently asked questions

How long does a museum keep donor and member data?

The financial administration falls under the seven-year tax retention obligation. Membership records and donor data you keep while the membership or relationship runs and for a short period afterwards, after which you clear them out confidentially.

Is data about bequests sensitive?

Yes. Information about a legacy, a gift or the size of a donation says a lot about a person's financial situation and wishes. Treat that data with extra care and destroy it at a fine level once the purpose has lapsed.

How long do I keep ticket and reservation data?

Ticket and reservation data you clear out as soon as the visit has been settled and there is no longer a purpose, such as a complaint or refund. The payment data falls under the seven-year tax administration.

How do I destroy museum data in line with the GDPR?

Confidentially and with a certificate of destruction. Paper and data carriers travel sealed and the destruction is recorded in the record of processing.

Conclusion

A museum manages donor, member and ticket data and sometimes children's data, with financial and personal information mixed together. Keep the administration seven years, keep the membership records while the relationship runs and treat donor and bequest data separately. School-visit data you clear out after the visit. What may go you have destroyed confidentially at a fine level, with a certificate as proof. That way you protect the people behind the collection.

Read also: libraries: destroying borrowing data, political parties: destroying member data, religious organisations: destroying member registers and the GDPR retention periods cheatsheet.


Have donor or ticket data collected? Request a quote via desnipperaar.nl. Within a few minutes you have a fixed price, including a certificate as proof.