HomeKnowledge base › Publishers and subscriber data
Sector

Publishers: destroying subscriber and author data

A publisher's subscriber files and author contracts ready for confidential destruction

A publisher processes the data of everyone around its titles. Subscribers and readers, authors with contracts and royalty arrangements, editorial sources that call for confidentiality, and payment and collection data. Part of it falls under the tax retention obligation, part under the GDPR and part should be kept as briefly as possible. This guide shows, part by part, what you keep, when it may go and how to have it destroyed confidentially.

The quick answer. The subscription and collection administration falls under the seven-year tax retention obligation. Author contracts you keep for as long as rights or royalty obligations arise from them. Reader, source and old address data you keep no longer than needed. What may go disappears confidentially and with a certificate.

Two frameworks that come together

At a publisher two things run through each other. The tax retention obligation requires you to keep the financial administration for seven years, think of invoices, subscription payments and royalty settlements. Alongside this the GDPR applies, which requires not keeping personal data longer than needed. The retention obligation sets the floor for what you must keep, the GDPR the ceiling for what you may not keep too long.

So treat the data per type. A subscriber file has a different status than an author contract or a list of editorial contacts. If you make that distinction, you keep exactly what you must and clear out the rest on time. If you want to see the single retention periods side by side, our overview of how long you must keep documents will help.

Retention periods by part

The period differs per type of data. The overview below gives the main line. Count the tax period from the end of the financial year and the other periods from the moment the purpose lapses.

PartStarting pointPeriod
Subscription and collection administrationTax retention obligation7 years
Author contracts and royalty settlementsAs long as rights run + taxduration of contract + 7 years
Subscriber and reader dataPurpose-bound, storage limitationuntil end of subscription + tax
Editorial sourcesConfidential, source protectionas briefly as possible
Old address filesNo ground remainingclear out at once
Correspondence and draftsNo retention obligationclear out at once

Use this as a guideline, not as a substitute for your own arrangements. When in doubt, consult your accountant or privacy adviser. The tax side is set out in the 7-year tax retention obligation.

Subscriber, reader and address data

A subscriber file is the core of many publishers. Name, address, payment method and the titles someone is subscribed to together form a detailed profile. As long as the subscription runs you need that data. If someone cancels, the ground lapses for the largest part, while the payment side still falls under the tax period. So split the file. The financial records you keep for seven years, the remaining profile data you clear out as soon as it no longer serves a purpose.

Old address files are a familiar risk. Subscribers who have moved, expired trial subscriptions and purchased address lists pile up in folders and old exports. Without a current ground they belong gone. Payment and collection data deserve extra attention, because they contain account numbers and mandates. For handling customers' payment data the same applies as for a webshop that destroys customer data.

Author contracts and royalty administration

Author contracts are no ordinary mail. They set down rights, licences and royalty arrangements that run for years, sometimes decades. As long as a title is on the market or royalties are still being settled, you keep the contract and the associated administration. The payouts themselves also fall under the tax retention obligation. Only once all rights and obligations have been settled does the ground to keep the file lapse.

Mind the different versions. During negotiations drafts, addenda and old address data of authors arise that you do not all have to keep. Keep the final contract and the royalty administration and clear out outdated drafts and personal data as soon as they no longer serve a purpose.

Editorial sources and source protection

Editorial teams work with sources that call for confidentiality. Contact lists, notes, recordings and correspondence with tip-givers can put people in a vulnerable position if they leak. Source protection here is not only a journalistic principle but also a reason to handle the storage and the destruction carefully. Keep source material no longer than needed for the publication and the aftercare, and hold it recognisably apart from the ordinary administration.

What you clear out, you clear out confidentially. A discarded source list or an old notebook by the waste paper is precisely the kind of leak you want to prevent. How to destroy confidential material safely is set out in our guide on destroying confidential documents.

How to handle it in 6 steps

  1. Split the data into administration, subscribers, author contracts and editorial sources.
  2. Keep the financial administration for seven years, counted from the end of the financial year.
  3. Keep author contracts for as long as rights or royalties arise from them.
  4. Clear out old address files and cancelled subscriptions as soon as the ground lapses.
  5. Collect what may go in sealed containers, not by the waste paper.
  6. Have it destroyed confidentially with a certificate and record it in your register.

Destroy confidentially with a certificate

Subscriber, author and source data you have destroyed confidentially, because it contains identity, payment and sometimes sensitive data. The paper and any data carriers travel sealed and stay that way until destruction, so the chain is closed. An old editorial server, a backup with the subscriber file or a decommissioned laptop belongs with it too.

Afterwards you receive a certificate of destruction with the date, quantity and level. That certificate is your proof towards the GDPR that you acted carefully. Record the destruction in your record of processing. We collect within 20 km of Amsterdam with no call-out charge, work nationwide through pooled collection rounds and charge a fixed price per box or roll container. Drop-off on site is not possible; it works by appointment through collection.

Publisher data to be destroyed?

Tell us what you have and you get a fixed price. We collect it sealed, destroy it at the right DIN level and you receive a certificate for your GDPR file. No call-out charge within 20 km of Amsterdam.

Request a quote

Common mistakes

  • Keeping cancelled subscribers endlessly. After settlement and the tax period the purpose lapses.
  • Throwing author contracts and drafts on one pile. Keep the final contract and clear out the rest.
  • Treating editorial sources as ordinary paper. Those call for extra care.
  • Leaving old address files lying around. Without a current ground they belong gone.
  • Throwing away unshredded. A subscriber file on the street is a reportable data breach.

Frequently asked questions

How long must a publisher keep subscriber and collection data?

The subscription and collection administration falls under the seven-year tax retention obligation. The remaining profile data of subscribers you keep no longer than needed, usually until the end of the subscription and its settlement.

How long do I keep author contracts and royalty administration?

Author contracts you keep for as long as rights or royalty obligations arise from them, which can take years. The payouts fall under the seven-year tax retention obligation. Only once everything is settled does the ground lapse.

May I simply keep or throw away editorial sources?

Keep source material no longer than needed for the publication and the aftercare, and hold it confidentially apart. You never throw it away unshredded, because a leaked source list can put people in danger.

How do I destroy publisher data in line with the GDPR?

Confidentially and with a certificate of destruction. Paper and data carriers travel sealed and the destruction is recorded in the record of processing.

Conclusion

A publisher works with subscriber, author and source data that each have their own period and sensitivity, between the tax retention obligation and the GDPR. Keep the financial administration for seven years, keep author contracts for as long as rights arise from them and be restrained with reader, source and address data. What may go you have destroyed confidentially with a certificate as proof. That way you meet both frameworks and protect the data of your subscribers, authors and sources.

Read also: software companies: destroying customer data, web hosting and cloud providers: destroying customer data, PR and communication agencies: destroying media contact data and the GDPR retention periods cheatsheet.


Have publisher data collected? Request a quote via desnipperaar.nl. Within a few minutes you have a fixed price, including a certificate as proof.