HomeKnowledge base › Political parties and member administration
Politics

Political parties: destroying member data

A political party's member administration and donation records ready for confidential destruction

A political party manages one of the most sensitive membership databases there is. Membership of a party reveals a political opinion, and under the GDPR that is a special category of personal data with the strictest protection. Member lists, donation records, campaign volunteers and canvassing notes therefore call for extra care, in clearing out and destruction too. This guide shows, by part, what you keep, when it may go and how to destroy it confidentially.

The quick answer: a member list is special-category personal data, because it reveals a political opinion. The financial administration you keep for seven years for the tax retention obligation, the member data itself while the membership runs. What may go disappears confidentially and at a fine level, with a certificate.

Why a member list needs extra protection

Most membership administrations are ordinary personal data, but at a political party it is different. The mere fact that someone is a member says something about their political conviction. Under Article 9 of the GDPR that is a special category of personal data, in the same class as data on health, religion or ethnic origin. The strictest rules apply: minimal access, extra security and fine-level destruction as soon as the data is no longer needed.

So never treat the membership database as an ordinary customer list. An old member list that ends up in the paper bin is not just a data breach but the exposure of the political opinion of hundreds of people. That is precisely why storage limitation weighs heavily here: do not keep longer than necessary and destroy carefully.

Retention periods by part

The period differs per type of data. The overview below gives the main line. Count the tax period from the end of the financial year and the other periods from the end of the membership or the campaign.

PartStarting pointPeriod
Association financial administrationTax retention obligation7 years
Member list and contact dataSpecial-category datawhile membership runs
Donation recordsAccountability plus taxpurpose-bound + 7 years
Campaign volunteers and canvassing notesWhile the campaign runsclear out after it ends
Event attendance listsWithout a further groundas briefly as possible
Correspondence and draftsNo retention obligationclear out at once

Use this as a guideline, not a final legal ruling. Set the exact periods in your own privacy policy. The tax side is in the 7-year tax retention obligation.

Donations: doubly sensitive

A donation to a party links a person not only to an amount but also to a political opinion. That makes donation data doubly sensitive. You need it for the administration and accountability of party financing, but do not keep it longer than those purposes require. Once the tax and accountability period has expired, this data too should disappear at a fine level.

Keep donation data recognisably separate from ordinary administration and limit access to whoever genuinely needs it. That way you avoid a list of names and political opinions lying unmanaged for years.

Campaign, canvassing and volunteers

During a campaign extra files arise: volunteer lists, canvassing notes about door-to-door conversations and sometimes notes on voter preference. That data is sensitive and has a short life: once the campaign is over, the purpose to keep it usually lapses. Clear it out confidentially afterwards, not into the paper bin. That also fits the demonstrable conduct the GDPR requires, as you read in demonstrable destruction for the GDPR. Election material with personal data belongs with it too, see destroying election material and ballot papers.

How to handle it in 6 steps

  1. Split the data into administration, member list, donations and campaign files.
  2. Treat the member list as special data with minimal access and fine destruction.
  3. Clear out campaign and canvassing notes as soon as the campaign is over.
  4. Assess per member whether the membership has ended and the data may go.
  5. Collect what may go in sealed containers, not in the paper bin.
  6. Have it destroyed confidentially with a certificate and record it in your register.

Destroy confidentially with a certificate

Member data is destroyed confidentially at a fine level, because it reveals a political opinion. The paper and any data carriers travel sealed and stay that way until destruction, so the chain is closed. An old membership-administration computer or backup belongs with it too.

Afterwards you receive a certificate of destruction with the date, quantity and level. That certificate is your proof towards the GDPR that you acted carefully. Record the destruction in your GDPR administration. We collect within 20 km of Amsterdam with no call-out charge, work nationwide through pooled collection rounds and charge a fixed price per box or roll container. Drop-off on site is not possible; it works by appointment through collection.

Member administration to be destroyed?

Tell us what you have and you get a fixed price. We collect it sealed, destroy it at a fine DIN level and you receive a certificate for your GDPR file. No call-out charge within 20 km of Amsterdam.

Request a quote

Common mistakes

  • Treating the member list as ordinary administration. Political opinion is special-category personal data.
  • Keeping donation data too long. After the tax and accountability period the purpose lapses.
  • Leaving campaign notes lying around. After the campaign they should be cleared out confidentially.
  • Throwing away unshredded. A member list on the street exposes the opinion of hundreds of people.
  • Keeping no proof. Without a certificate you cannot demonstrate the destruction.

Frequently asked questions

Is a political party's member list special-category personal data?

Yes. Membership of a party reveals a political opinion, which under Article 9 of the GDPR is a special category of personal data with the strictest protection. A member list should therefore be secured separately, with minimal access and fine-level destruction.

How long does a party keep member administration?

The association's financial administration falls under the seven-year tax retention obligation. The member data itself you keep while the membership runs and clear out afterwards, unless a concrete ground justifies keeping it longer.

Is donation data extra sensitive?

Yes. A donation to a party links a person to a political opinion and is therefore doubly sensitive. Do not keep donation data longer than necessary for administration and accountability, and then destroy it at a fine level.

How do I destroy member data in line with the GDPR?

Confidentially and at a fine level, with a certificate of destruction. Paper and data carriers travel sealed and the destruction is recorded in the record of processing.

Conclusion

A political party manages data that reveals people's political opinion, one of the most sensitive categories under the GDPR. So treat the member list and donation data as special data, with minimal access and fine-level destruction. Keep the financial administration seven years, clear out campaign notes after the campaign and assess per member when the data may go. What may go you have destroyed confidentially at a fine level, with a certificate as proof. That way you protect the trust of your members and donors.

Read also: libraries: destroying borrowing data, museums: destroying donor and ticket data, religious organisations: destroying member registers and the GDPR retention periods cheatsheet.


Have member administration collected? Request a quote via desnipperaar.nl. Within a few minutes you have a fixed price, including a certificate as proof.

Also relevant: Trade unions: destroying member data.