Personnel file offboarding checklist: what to keep, destroy and when

Offboarding checklist for the personnel file when an employee leaves

When an employee leaves, work on the personnel file does not stop. That is exactly when a fixed sequence of steps begins: deciding what you still have to keep, what may go immediately, retrieving company devices, revoking access and scheduling a destruction date for the rest. This offboarding checklist walks through those steps, so that under the GDPR you keep nothing too long and throw nothing away too soon.

Many employers now know how to destroy a file. What more often goes wrong is the moment around the departure itself. The final salary is paid, the laptop sits in a cupboard and the folder of papers slides into an archive box that stays there for years. That way you keep personal data without a purpose, which is precisely what the GDPR does not want.

A quick check first. Can you answer yes to each of these?

  • Do you know the retention period for each part of the file?
  • Do you have the company laptop, phone and keys back?
  • Have all accounts and access passes been revoked?
  • Is there a date in the calendar on which the rest may be destroyed?
  • Will you receive a certificate as proof of that destruction?

If you hesitate anywhere, the sections below walk through the whole offboarding step by step.

Offboarding is more than closing a file

Offboarding is the whole set of actions around an employee leaving. It covers the final settlement, the handover of work, retrieving belongings and cleaning up data. This article focuses on that last part, the data side of the personnel file. The destruction itself, meaning which DIN level and which method, is in our pillar on destroying the personnel file. Here it is about the working method around it, so that the file is wound down at the right moment and in the right way.

Why a fixed checklist pays off

Without a fixed working method, offboarding depends on whoever happens to remember it. In a busy period or with a departing HR colleague, a file then lies untouched for years. The GDPR requires storage limitation: you do not keep personal data longer than needed. A checklist turns that duty into a routine. At every departure you go through the same steps, record what you do and automatically build proof that you act carefully. That is called demonstrable conduct, and you can read more about it in demonstrable destruction for the GDPR.

A checklist also protects against the opposite risk, throwing things away too soon. Anyone working without fixed steps sometimes destroys a document that must be kept for years. At a tax inspection or an employment dispute you are then empty-handed. The checklist forces you to look first, per part, at what must stay before anything goes into the shredder. That way you avoid both mistakes with the same routine.

Step 1: split the file into parts

The biggest misconception is treating the personnel file as one whole. It is not a single document with a single period, but a collection of documents that each have their own retention period. An employment contract falls under the tax retention obligation, an appraisal report under GDPR storage limitation and a copy of the identity document under payroll tax. If you treat the file as a block, you keep everything as long as the document with the longest period. For the largest part of the file, that is too long.

So split the file into parts and note, per part, the end date of the period. That does not have to be a complicated system. A short list per former employee, with the leaving date as the starting point, is enough to know later what may go when.

What you must keep and for how long

A number of parts must be kept for years after the departure, because a law requires it. The payroll and salary records fall under the tax retention obligation of seven years. The copy of the identity document you keep for five years after the end of employment. Payroll tax statements and data on the payroll tax credit belong in that same tax category. Absence and occupational health data usually run via the occupational health service and have their own period.

Most other HR documents, such as correspondence, appraisal reports and review notes, may be kept for a shorter time. In practice about two years after the departure is common, because until then you may still face a claim or a dispute. The precise periods per part are in our GDPR retention periods cheatsheet. What matters is that you know the period per part, because keeping things just to be safe is not a valid basis under the GDPR.

What you may destroy immediately

Not everything in the file has a retention obligation. Working notes, duplicate copies, old contract drafts, printouts you only needed temporarily and documents whose purpose has lapsed may be cleared out immediately at departure. The same applies to applicant data that ended up in the file by mistake and is already past its period. By doing this straight away you keep the file thin and prevent old documents from travelling along for years.

Clearing out immediately does not mean throwing it in the waste paper. These documents too contain personal data and belong in confidential destruction. Collect them in a sealed box or bin and hand them over in a collection, together with the parts whose period lapses later.

The keep-or-destroy table

The overview below helps with the splitting. Count the period each time from the end of employment.

Part | Keep or destroy | Period
Payroll and salary records | Keep | 7 years (tax retention)
Copy identity document | Keep | 5 years
Payroll tax statement | Keep | 5 years
Employment contract | Keep | 7 years (payroll records)
Appraisal and review reports | Destroy after period | approx. 2 years
Correspondence and notes | Destroy after period | approx. 2 years
Absence and occupational health data | Keep (via OH service) | own period
Working notes, drafts, duplicate copies | Destroy immediately | no retention obligation

Use this as a guideline, not as a final legal verdict. If in doubt about a specific part, consult your payroll administrator or HR adviser.

Step 2: retrieve company devices and data carriers

A departing employee often takes more than memories. A company laptop, a phone, USB sticks, an external drive, access passes and keys must be returned before the last working day. Make this a fixed return list and tick off what has come in. Whatever is missing is a loose end in your security.

Laptops, phones and sticks often hold personal data, email and documents. If a device is reused, you have it carefully wiped before a next employee gets it. If it is not reused, destroying the data carrier is the safest choice. How that works and what it costs is in having hard drives shredded. Feel free to hand over data carriers in the same collection as the paper, each destroyed at the right level.

Step 3: revoke access and accounts

Protecting data also means closing the digital doors. On the last working day, revoke the accounts, block the email or set a forward for business messages and remove the employee from shared folders and systems. Do not forget the less visible access, such as a VPN, a logged-in app on a private phone or an account with an external supplier.

This belongs to offboarding because a forgotten account is just as much a risk as a forgotten file. A former employee who can still reach client data months later is a data breach waiting to happen. Record which access you revoked and on which date, so that you can show this part too.

Step 4: schedule the destruction date per part

For the parts with a retention obligation, offboarding is not yet done: they wait for their end date. Put that date in the calendar right away. A handy approach is a fixed annual destruction moment, on which you review all files whose period lapses that year. That way clearing out becomes a fixed round instead of a separate action nobody thinks of.

Link that round to the leaving dates you noted in step 1. You then know each year exactly which parts may go. A one-off clear-out, for example after a reorganisation with several departures at once, is also possible. A fixed rhythm, however, presents a more convincing picture at an inspection.

Step 5: have it destroyed confidentially with a certificate

Once the period has lapsed, you destroy the documents confidentially. For a personnel file that means at least a fine shred, because it often contains special data such as an ID number, an ID copy or medical information from absence records. The paper and any data carriers go along sealed and stay that way until destruction, so the chain is closed.

Afterwards you receive a certificate of destruction with the date, quantity and level. Keep that certificate in your GDPR file and note the destruction in your record of processing. That way you close the offboarding with proof in hand. We collect within 20 km of Amsterdam with no call-out fee, work nationwide via pooled collection rounds and charge a fixed price per box or roll container. Drop-off on site is not possible; collection works by appointment.

The offboarding checklist in 8 steps

  1. Split the file into parts and note, per part, the retention period from the leaving date.
  2. Mark what you must keep, such as payroll records (7 years) and the ID copy (5 years).
  3. Clear out immediately what has no retention obligation, confidentially and not in the waste paper.
  4. Retrieve company devices, laptop, phone, data carriers, passes and keys.
  5. Revoke all access and record which accounts you blocked.
  6. Set the destruction date per kept part in the calendar.
  7. Have it destroyed confidentially once the period has lapsed.
  8. Keep the certificate and note the destruction in your record of processing.

Digital files and data carriers

More and more personnel files sit digitally in an HR system. The steps stay the same, only the execution differs. Digital documents too have a retention period, after which they must be demonstrably removed. Deleting a file and emptying the recycle bin is not enough, because the data is then still on the disk. Only overwriting or physical destruction of the carrier makes the removal irreversible.

Keep in mind too that the personal data of a departed employee often sits in several places, in the HR system, in backups and on old devices. Include those places in your checklist, so that you do not only clear out the visible folder but cover the whole flow.

Combine the digital and the paper side in one collection. An old laptop or external drive of the departed employee goes along sealed with the paper documents whose period has lapsed. You arrange it in one go and get a certificate covering both, with the serial numbers of the data carriers on it. That way the offboarding does not stay half-finished in a digital system nobody manages anymore.

Common mistakes

  • Keeping the whole file equally long. You then keep the largest part far too long.
  • Throwing it out unshredded. A personnel folder in the waste paper is a reportable data breach.
  • Forgetting company devices. A phone or stick not returned is a loose end.
  • Not scheduling a destruction date. Without a calendar moment the file lies untouched for years.
  • Keeping no proof. Without a certificate you cannot show you cleared out on time.

A real-world example

Imagine an employee of an accounting firm leaves after five years. HR splits the file straight away. The employment contract and the payroll records get an end date seven years out, the ID copy five years out. The appraisal reports and correspondence go in about two years. Working notes and duplicate copies disappear immediately into the sealed destruction bin. The laptop and phone are returned and wiped, the accounts blocked. All end dates are in the calendar, linked to the annual destruction round. Two years later the lapsed documents go along in a sealed collection and a certificate comes back that goes into the GDPR file. At an inspection the firm shows in a few minutes that every part was handled neatly.

Frequently asked questions

May I destroy the whole personnel file as soon as someone leaves?

No. Part of it must be kept for years, such as payroll records for seven years and the copy of the identity document for five years. Only parts without a retention obligation may be destroyed immediately.

How long must I keep a personnel file after an employee leaves?

It differs per part. Payroll and tax records are kept for seven years, the copy of the identity document for five years and most HR documents for about two years after the end of employment.

What may I destroy immediately at offboarding?

Working notes, duplicate copies, drafts and documents with no legal retention obligation whose purpose has lapsed. You do that confidentially, not in the waste paper.

Must I retrieve company devices and data carriers when someone leaves?

Yes. Laptop, phone, USB sticks, access passes and keys must be returned before the last working day. Data carriers with personal data are destroyed if they are not reused.

How do I prove I cleared out the file properly?

With a certificate of destruction per collection and a note in your record of processing. That way you show at an inspection that you destroyed on time and at the right level.

Conclusion

Handling a personnel file when an employee leaves is not a loose chore but a fixed sequence of steps. Split the file into parts, keep what must stay, clear out immediately what may go, retrieve company devices, revoke access and schedule the destruction of the rest. Close each round with a certificate and a note in your record. That way you never keep too long, never throw out too soon and stand with proof in hand at an inspection or data breach.

See also: the pillar on destroying the personnel file, plus how long to keep a personnel file, applicant data retention and destruction and payroll records retention and destruction.

