shaw gibbs - accountants and business advisers

Record Retention and Protection Policy

This policy begins by establishing the main principles that must be adopted when considering record retention and protection. It then sets out the types of records held by Shaw Gibbs and their general requirements before discussing record protection, destruction and management.

1.1 General Principles

There are a number of key general principles that must be adopted when considering record retention and protection policy. These are:

  • Records must be held in compliance with all applicable legal, regulatory and contractual requirements.
  • Records must not be held for any longer than required.
  • The protection of records in terms of their confidentiality, integrity and availability must be in accordance with their security classification and specifically whether those records contain sensitive personal data.
  • Records must remain retrievable in line with business requirements at all times (records must not be stored on personal hard drives).

1.2 Record Types and Guidelines

In order to assist with the definition of guidelines for record retention and protection, records held by Shaw Gibbs are grouped into the categories listed in the table below. For each of these categories, the required or recommended retention period and allowable storage media are also given, together with a reason for the recommendation or requirement.

Note that these are guidelines only and there may be specific circumstances where records need to be kept for a longer or shorter period of time. This should be decided on a case-by-case basis as part of the design of the information security elements of new or significantly changed processes and services.

Further information about records held by Shaw Gibbs, including their security classifications and owners, can be found in the Data Flows Information Asset Inventory.

| Record Category | Description | Retention Period | Reason for Retention Period | Allowable Storage Media |
|---|---|---|---|---|
| All clients generally | Know your client information, including addresses, names, DOB, copies of passports | 5 years after termination | Legal | Electronic |
| Business Services clients, including audit and corporate tax | Historical financial records, including clients’ own books and records. | 8 years | ACCA regulations (which state a minimum period of 7 years for audit and suggests that this is the minimum period. ACCA suggests records may be kept for a longer period for current clients. Use 8 years in keeping with chargeable asset retention period of 8 years since our files are combined in CCH); Statute of limitations; HMRC interventions | Electronic only – paper records must be scanned or returned to the client |
| Payroll | Client payroll information | 8 years | ACCA / PAYE | Electronic |
| Trusteeships | Details of beneficiaries, including minor children. Database journals and other logs used for database recovery | For the period of trusteeship plus 8 years and preferably having received a discharge from all interested persons. | ACCA regs; Needed for beneficiary information, reporting to HMRC (TRS, R40). | Electronic or paper re Trust documentation (paper normally scanned and the paper held in storage) |
| Financial services | All information relating to the suitability of advice which may include sensitive personal data and details of children if disclosed: 1. Pension transfer, conversion, opt out or FSAVC business; 2. Any other business | 1. Indefinitely; 2. The longer of 5 years after either termination of appointment or termination of any financial product on which advice was given | 1. Financial Conduct Authority (“FCA”) regulations; 2. FCA regulations and a reasonable time period during which a dispute might occur. | Electronic, hard copy |
| Insolvency | IP own records; Client books and records; NB Insolvency information may include details of children where relevant to the case (eg bankruptcy) | 6-10 years after release of office depending on nature of appointment and items of contention. Company own records may be destroyed 1 year after termination of appointment. | IP regs | Electronic/Paper |
| Tax (personal) | Personal financial data, including bank details, National Insurance numbers and Tax UTR. | 8 years | ACCA/Tax regs re investigations; May include chargeable asset information | Electronic/Paper (paper normally returned to client after scanning) |
| Supplier | Supplier names, addresses, company details, invoices | 6 years after end of supply | Maximum period within which dispute might occur | Electronic/Paper |
| Human resources | Employee names, addresses, bank details, tax codes, employment history, medical matters, next of kin | 6 years after end of employment | Data protection requirement; Employment law | Electronic/Paper |
| Contractual | Legal contracts, terms and conditions, leases | 6 years after contract end | Maximum period within which dispute might occur | Electronic/Paper |

Table 1 - Record types and retention period

© 2024 Shaw Gibbs Ltd