Copy-ID and payroll statements: 7 versus 2 years at the staffing agency
A staffing agency deals with two legal frameworks at the same time that do not point in the same direction. For tax purposes you must keep payroll administration for seven years. At the same time the GDPR requires you not to keep copies of identity documents longer than necessary, which for most employers is a maximum of two years after the end of employment. In practice both types of document sit mixed together in the same personnel file at many agencies. That is a problem.
This article describes how to separate the two streams, which periods apply legally, and how to build destruction into the working rhythm of the branch.
Two rules, two periods
The tax retention obligation in article 52 of the Dutch General State Taxes Act (AWR) imposes seven years on all data relevant to taxation. Payroll statements, annual statements, payslips, employment contracts, hours and mileage records all fall under it. See also our article on the 7-year tax retention obligation for the full framework.
The GDPR sets no explicit period for copy-ID, but article 5(1)(e) (storage limitation) requires destruction as soon as the purpose lapses. The Dutch tax authority requires you to establish and record the employee's identity for payroll tax, but the Autoriteit Persoonsgegevens guidance states that a copy of the document in the personnel file may be retained for a maximum of five years after departure in connection with payroll tax recovery, and that BSN and photo elsewhere must be kept as short as possible. Many agencies use in practice: copy-ID at the latest two years after end of employment, payroll admin seven years from end of financial year.
What goes wrong without separation
If you put everything in one folder per employee and let that folder sit for seven years, you keep the copy-ID five years longer than needed. In a data breach or inspection visit that is a GDPR breach. Conversely: if you destroy the whole folder after two years, you miss the payroll statements seven years later when the tax authority comes for an additional assessment.
A personnel file is legally not a single thing. It is a collection of separate documents, each with its own retention period.
How to separate in practice
Three workable models:
- Physical separation. Two folders per employee: "ID and screening" and "payroll and contract". First folder to the destruction bin two years after departure. Second folder seven years from financial year-end.
- Digital separation. In your HR system upload copy-ID with a separate retention label. Automatic deletion routine after two years. Payroll administration in the payroll system with its own seven-year retention.
- Hybrid. Paper copy-ID in a locked cabinet per branch, annual clean-up. Payroll administration digital in payroll. This works for smaller agencies still partly on paper.
Mask BSN or not?
Since 1 January 2014 only the employer may use the BSN in payroll administration. On copies of ID documents that circulate further within the company (for example to clients or hirers) the BSN must be masked. The photo and document number may in some cases also be masked. Make this a fixed approach and document it in your GDPR records.
SNA and NEN 4400-1
Staffing agencies with the SNA quality mark or NEN 4400-1 certification receive periodic audits. The auditor looks at, among other things, your retention periods, document separation and destruction process. An annual destruction certificate from a certified party is standard expected evidence here. See also our overview of GDPR retention periods by document type.
On-site destruction at the branch
Because copy-ID and payroll admin are particularly sensitive, we advise destruction on-site. At DeSnipperaar, the destruction truck visits your branch and shreds paper to DIN 66399 P-5. Your member of staff watches along, you receive a certificate per batch immediately. Files do not leave the building intact. No contract, no minimum: one run a year for files crossing the two-year mark is enough.
Scheduling an annual clean-up at your branch?
We come by with a mobile shredder. Copy-ID and old payroll statements destroyed on the spot, certificate per job.
Request a quoteWhat to do at takeover or merger
At a takeover, merger or office relocation you also inherit the paper legacy archive. The legal successor takes on the retention obligation and the GDPR responsibility. In such a case, plan an inventory within the first hundred days, separate ID and payroll immediately, and destroy everything outside both periods.
In short
- Payroll admin: seven years (tax) from end of financial year.
- Copy-ID: as short as possible, as a rule no more than two years after end of employment.
- Separate physically or digitally, never everything in one envelope.
- Mask BSN when distributing to third parties.
- On-site destruction prevents sensitive documents being lost in transport.
Want to read more by industry? See our page for staffing agencies and payroll, or the article on candidate files after rejection or end of placement.