GDPR - Manage your business data retention period
Your retention period is the length of time you store customer and supplier data (or records) for business or compliance purposes. When the retention period ends, you must remove the data. This reduces the risk of keeping unnecessary, inaccurate, or out of date information.
Set a retention period
The General Data Protection Regulation (GDPR) doesn’t set out any specific minimum or maximum periods for keeping customer and supplier data. Instead, it says you must keep data no longer than is necessary for the purpose you obtained it for.
How this works
Create a data retention policy
If you don’t already have one, now is a good time to create a data retention policy for your company. This policy will document how long your company needs to store customer and supplier data before removing it. It may also dictate how frequently you check your contact records for personal data that is outside of retention period. For more information about how long you need to store data for tax and compliance purposes, consult your accountant or review the following GOV.UK articles:
Enter your business data retention period settings
More, choose Business Settings, then Accounting Dates & VAT.
- Under Business Data Retention Period, complete the following information:
|End of Tax Year||From the drop-down list, select the relevant month that your current tax year ends on.|
|Retention Period||From the drop-down list, select the number of years you want to retain customer and supplier personal data for.|
|Reason||Enter any notes applicable to your retention period. For example, Required for VAT records.|
- Click Save.
- To show (or hide) your retention settings history, click Show History.
We will never automatically remove a contact’s data. Once the retention period ends, you must manually remove your contacts’ personal data. Find out how >