Trade associations: destroying member data
A trade association manages the data of its members: contact persons at affiliated companies, contribution and invoicing data, attendee lists from meetings and sometimes a complete digital member file. Part falls under the tax retention obligation, part you keep for as long as the membership runs and part should disappear as soon as possible after cancellation. This guide shows, per type of data, what you keep, when it may go and how to destroy it confidentially.
The short answer. The contribution and invoicing records fall under the seven-year tax retention obligation. The contact data of members you keep for as long as the membership runs and clear out after cancellation once no ongoing obligation remains. Attendee lists from meetings disappear once the event is done. What may go leaves confidentially and with a certificate as proof.
Two frameworks side by side
At a trade association two things run together. The tax retention obligation requires you to keep the administration for seven years, from contribution invoices to the annual accounts. Alongside this the GDPR applies, which requires not keeping personal data longer than necessary. The tax side sets the floor for the financial records, the GDPR the ceiling for everything that makes a person identifiable.
For the member file the association is the controller. After all, you decide why and how you use the data. So treat the file per type. A contribution invoice has a different status than an attendee list from a networking meeting or an old email address of a contact person who changed jobs long ago. If you make that distinction, you keep exactly what you must and clear out the rest on time.
Member companies and contact persons
Many members of a trade association are companies, not individuals. Yet you process plenty of personal data. Behind every member company sit contact persons with a name, a role, a business email address and a phone number. Those are personal data that fall under the GDPR, even though it is a business relationship. Especially when a contact person leaves, an outdated address sometimes stays in the file for years without anyone looking at it again.
So keep the file current and clean. Remove contact persons who no longer work at the member and process changes in good time. That is the same care that applies to associations and charities that process member and donor data. A clean file is not only tidier, it also limits the damage if something ever goes wrong.
Retention periods by part
The period differs per type of data. The overview below gives the main line. Count the tax period from the end of the financial year and the other periods from the moment the purpose lapses, usually the end of the membership or the wrap-up of a meeting.
| Part | Basis | Period |
|---|---|---|
| Contributions and invoicing | Tax retention obligation | 7 years |
| Member records of contact persons | As long as membership runs | duration of membership |
| Data after cancellation | Storage limitation | as briefly as possible |
| Attendee lists from meetings | Purpose-bound | clear out after wrap-up |
| Digital member files and backups | Same period as the source | in line with source |
| Correspondence and drafts | No retention obligation | clear out at once |
Use this as a guideline, not a substitute for your articles of association or a specific statutory duty. When in doubt, consult your accountant or privacy adviser. The tax side is covered in the article on the 7-year tax retention obligation. A broader overview per document type is in the article on how long you should keep documents.
Attendee lists from meetings and events
Trade associations often organise meetings, general assemblies, courses and networking events. These generate attendee lists, badges, registration forms and sometimes dietary or accessibility needs. A diet for medical reasons can touch on health data, which is special-category personal data and needs extra care. These lists have a clear purpose, namely the meeting itself. Once the event is done and the administration is updated, that purpose lapses.
So do not keep attendee lists indefinitely by default. Clear out the paper versions and the loose registration forms as soon as they have served their function. How to approach that in a structured way is in the guide on event agencies and destroying attendee lists. The principle is the same, whether you organise a large congress or a small regional meeting.
Cancelling the membership
The moment of cancellation is the natural clear-out moment. As long as someone is a member, you have a ground to process the contact data. Once the membership ends, you must look again at what you really still need. You keep the contribution invoices of recent years for the tax authorities. An ongoing dispute or an outstanding claim can be a reason to keep certain data longer. But the rest, from old preferences to expired attendee lists, loses its ground.
Make that clear-out a fixed part of the cancellation procedure. That way you avoid an association still managing a file full of former members ten years on without a valid reason. Whatever you had on paper you clear out confidentially, not in the paper bin.
Digital member files and data carriers
The member file usually lives in a membership system or CRM, but it often leaks outward. Think of exported member lists in a spreadsheet, a backup on an external drive, an old laptop of a board member or printed attendance sheets in a folder. Old member directories and printed promotional material with names and addresses belong here too. When you switch to a new system or replace hardware, those data carriers full of personal data are left behind.
Include those carriers in your clear-out policy. A retired hard drive or USB stick with a member export is just as sensitive as the paper administration. Outdated printed matter with contact data you clear out the same way, something that also comes up with destroying promotional material and business cards. Everything that makes a person identifiable deserves the same careful disposal.
How to handle it in 6 steps
- Split the data into contribution records, member file, attendee lists and correspondence.
- Keep the administration for the tax period of seven years.
- Clean the member file by removing departed contact persons and former members.
- Clear out attendee lists as soon as the meeting is done.
- Collect what may go in sealed containers, paper and data carriers together.
- Have it destroyed confidentially with a certificate and record it in your register.
Destroy confidentially with a certificate
Member data is destroyed confidentially, because it contains contact data, financial data and sometimes sensitive preferences. The paper and the data carriers travel sealed and stay that way until destruction, so the chain is closed. An old board laptop, a backup drive or an archive of attendance sheets belongs with it too.
Afterwards you receive a certificate of destruction with the date, quantity and level. That certificate is your proof under the GDPR that you acted carefully. Record the destruction in your record of processing. We collect within 20 km of Amsterdam with no call-out charge, work nationwide through pooled collection rounds and charge a fixed price per box or roll container. Drop-off on site is not possible; it works by appointment through collection.
Member data to be destroyed?
Tell us what you have and you get a fixed price. We collect it sealed, destroy it at the right DIN level and you receive a certificate for your GDPR file. No call-out charge within 20 km of Amsterdam.
Common mistakes
- Keeping former members forever. After cancellation the ground for most data lapses.
- Not updating contact persons. An outdated file is a risk, not an asset.
- Leaving attendee lists lying around. Clear them out as soon as the meeting is done.
- Forgetting data carriers. An old export on a USB stick is as sensitive as the folder of paper.
- Throwing documents away unshredded. A member list on the street is a reportable data breach.
- Keeping no proof. Without a certificate you cannot demonstrate the destruction.
Frequently asked questions
How long must a trade association keep member records?
The contribution and invoicing records fall under the seven-year tax retention obligation. The contact data of members you keep for as long as the membership runs and clear out after cancellation once no ongoing obligation remains.
Do contact persons at member companies fall under the GDPR?
Yes. Even though the member is a company, the contact person is a natural person. Name, role, business email address and phone number are personal data and fall under the GDPR.
What do I do with member data after a membership is cancelled?
Keep only what you still need for the tax administration or an ongoing dispute. The remaining contact data, preferences and attendee lists you clear out confidentially once the purpose has lapsed.
How do I destroy member data in line with the GDPR?
Confidentially and with a certificate of destruction. Paper and data carriers travel sealed and the destruction is recorded in the record of processing.
Conclusion
A trade association works with contact data, contribution data and attendee lists of members, between the tax retention obligation and the GDPR. Keep the administration for seven years, clean the member file of departed contact persons and clear out attendee lists after wrap-up. The moment of cancellation is your natural clear-out moment. What may go you have destroyed confidentially with a certificate as proof, paper and data carriers together. That way you meet both frameworks and protect your members' data.
Have member data collected? Request a quote via desnipperaar.nl. Within a few minutes you have a fixed price, including a certificate as proof.