Docaro

UK Business Record Retention Schedule

Created:
This UK business record retention schedule helps organisations understand how long key records should be kept for compliance, audits, and operational needs. It supports effective governance alongside an AI Generated Data Retention and Records Management Policy for use in the United Kingdom.
Record Type
Suggested Retention Period
Retention Rationale
Retention Trigger
Sensitivity Level
Disposal Action
Finance and tax
Company accounting records
6 years
Companies Act accounting compliance
Date record is made
Medium
Secure deletion or shredding
Private company accounting records
3 years
Minimum Companies Act period for private companies
Date record is made
Medium
Secure deletion or shredding
Corporation tax records
6 years from period end
HMRC tax compliance and enquiries
End of accounting period
Medium
Secure deletion or shredding
Self assessment business records
5 years after filing deadline
HMRC tax compliance
31 January submission deadline
Medium
Secure deletion or shredding
VAT records and invoices
6 years
VAT audit and compliance
Date of record
Medium
Secure deletion or shredding
VAT MOSS records
10 years
Digital services VAT evidence
End of transaction year
Medium
Secure deletion
Employment and payroll
PAYE records
3 years
PAYE compliance and HMRC checks
End of tax year
High
Secure deletion or shredding
Payroll and wage records
6 years
Contract and wage claim limitation
End of tax year
High
Secure deletion or shredding
National minimum wage records
6 years
Minimum wage enforcement
Pay reference period
High
Secure deletion or shredding
Pension auto-enrolment records
6 years
Pensions Regulator compliance
Date record is made
High
Secure deletion or shredding
Pension opt-out notices
4 years
Auto-enrolment opt-out evidence
Date notice is received
High
Secure deletion or shredding
Employment and HR
Right to work checks
Employment plus 2 years
Statutory excuse against illegal working penalty
Employment termination
High
Secure deletion or shredding
Recruitment records
6 to 12 months
Recruitment challenge and equality claim risk
Recruitment decision
High
Secure deletion or anonymise
Unsuccessful candidate CVs
6 months
Equality claim defence
Recruitment decision
High
Secure deletion
Employee personnel file
Employment plus 6 years
Employment contract limitation and disputes
Employment termination
High
Secure deletion or shredding
Employment contracts
Employment plus 6 years
Contract claim limitation
Employment termination
High
Secure deletion or shredding
Disciplinary records
Warning life plus review
Employee relations and tribunal defence
Warning expiry or case closure
High
Review then secure deletion
Grievance records
Employment plus 6 years
Workplace dispute and limitation defence
Case closure or employment termination
High
Review then secure deletion
Sickness absence records
Employment plus 6 years
Absence management and claims defence
Employment termination
High
Secure deletion or shredding
Employment and payroll
Statutory maternity pay records
3 years
SMP compliance and HMRC checks
End of tax year
High
Secure deletion or shredding
Statutory sick pay records
3 years
SSP compliance and HMRC checks
End of tax year
High
Secure deletion or shredding
Employment and HR
Working time records
2 years
Working Time Regulations compliance
Date record is made
Medium
Secure deletion
Employment and payroll
Holiday pay records
6 years
Wage and contract claim limitation
Holiday year end
High
Secure deletion or shredding
Health and safety
COSHH health surveillance records
40 years
Long-latency occupational health risk
Last entry date
High
Archive review then secure deletion
Asbestos health records
40 years
Asbestos exposure disease latency
Last entry date
High
Archive review then secure deletion
Asbestos medical records
40 years
Medical surveillance compliance
Date of medical examination
High
Archive review then secure deletion
Ionising radiation dose records
50 years
Radiation exposure monitoring compliance
Date record is made
High
Archive review then secure deletion
Accident book records
3 years minimum
Accident reporting and claim defence
Date of accident
High
Secure deletion or shredding
RIDDOR reports
3 years minimum
RIDDOR reporting compliance
Date report is made
High
Secure deletion or shredding
Risk assessments
Current plus 3 years
Health and safety compliance evidence
Supersession or activity end
Medium
Review then secure deletion
Fire risk assessments
Current plus 3 years
Fire safety compliance evidence
Supersession or premises exit
Medium
Review then secure deletion
Work equipment inspection records
Until next inspection
PUWER inspection compliance
Inspection date
Low
Replace with current record
Lifting equipment examination reports
Until next report or 2 years
LOLER thorough examination compliance
Report date
Low
Replace with current record
Contracts and legal
Simple contracts
6 years
Contract claim limitation
Breach or termination
Medium
Review then secure deletion
Deeds and sealed agreements
12 years
Specialty claim limitation
Breach or expiry
Medium
Archive review then shred
Property and premises
Property title deeds
Permanent or ownership plus 12 years
Ownership evidence and property disputes
Disposal of property
High
Permanent preservation or legal review
Commercial leases
Lease end plus 12 years
Deed and property claim limitation
Lease termination
Medium
Archive review then shred
Contracts and legal
Supplier contracts
Termination plus 6 years
Contract disputes and audit trail
Contract termination
Medium
Review then secure deletion
Customer contracts
Termination plus 6 years
Contract disputes and limitation
Contract termination
Medium
Review then secure deletion
Non-disclosure agreements
Obligation end plus 6 years
Confidentiality breach limitation
Confidentiality obligation ends
High
Legal review then secure deletion
Litigation files
Closure plus 6 years
Dispute history and negligence limitation
Matter closure
High
Legal hold review then delete
Governance and company secretarial
Board minutes
10 years minimum
Companies Act minutes requirement
Date of meeting
High
Archive review or preserve
Shareholder resolutions
10 years minimum
Companies Act resolution records
Date resolution passed
Medium
Archive review or preserve
Statutory registers
Permanent while company exists
Company ownership and control evidence
Company existence
Medium
Permanent preservation
PSC register records
Permanent while company exists
Beneficial ownership compliance
Company existence
Medium
Permanent preservation
Confirmation statements
6 years
Company filing audit trail
Filing date
Medium
Archive review or delete
Filed annual accounts
6 years
Company filing and accounting evidence
Financial year end
Medium
Archive review or delete
Insurance
Insurance policies
Expiry plus 6 years
Coverage evidence and claim limitation
Policy expiry
Medium
Review then secure deletion
Employers liability insurance certificates
40 years recommended
Long-tail employee injury claims
Policy expiry
Medium
Archive review or preserve
Insurance claims files
Closure plus 6 years
Claim disputes and limitation
Claim closure
High
Legal hold review then delete
Customer and sales
Customer account records
Relationship plus 6 years
Contract and payment dispute limitation
Account closure
High
Secure deletion or anonymise
Customer complaints
Closure plus 6 years
Dispute management and limitation
Complaint closure
High
Secure deletion or anonymise
Marketing and privacy
Marketing consent records
Consent life plus suppression need
PECR consent evidence and suppression
Consent withdrawal or last use
Medium
Retain suppression or anonymise
Marketing suppression lists
Indefinite while needed
Respect opt-outs and avoid unlawful marketing
Opt-out request
Medium
Keep minimal suppression data
Website analytics records
14 to 26 months
Analytics trend analysis and privacy minimisation
Collection date
Medium
Delete or aggregate
Data protection
Data subject request records
Closure plus 3 years
UK GDPR compliance evidence and complaints
Request closure
High
Secure deletion or anonymise
Personal data breach records
6 years
Breach accountability and claims defence
Breach closure
High
Secure deletion
Data protection impact assessments
Processing life plus 6 years
UK GDPR accountability evidence
Processing ends
High
Review then secure deletion
Records of processing activities
Current plus 6 years
UK GDPR documentation accountability
Processing activity ends
Medium
Archive review then delete
Compliance and financial crime
AML customer due diligence records
5 years
Money laundering compliance
Business relationship ends
High
Secure deletion unless consent to retain
AML transaction records
5 years
Anti-money laundering audit trail
Transaction completion
High
Secure deletion unless consent to retain
Sanctions screening records
5 years
Financial sanctions compliance evidence
Screening or relationship end
High
Secure deletion
Compliance and investigations
Whistleblowing reports
Closure plus 6 years
Investigation evidence and detriment claims
Investigation closure
High
Legal review then secure deletion
Anti-bribery training records
6 years
Adequate procedures evidence
Training completion
Medium
Secure deletion
Procurement
Tender records
Award plus 6 years
Procurement challenge and contract limitation
Contract award or cancellation
High
Review then secure deletion
Procurement and finance
Purchase orders
6 years
Accounting, VAT and audit trail
Financial year end
Medium
Secure deletion or shredding
Finance and tax
Sales and purchase invoices
6 years
VAT, tax and accounting evidence
Date of invoice
Medium
Secure deletion or shredding
Bank statements
6 years
Accounting and tax audit trail
Financial year end
High
Secure deletion or shredding
Employee expense claims
6 years
Tax, accounting and fraud checks
Financial year end
High
Secure deletion or shredding
Finance and audit
Audit reports and working papers
6 years
Audit evidence and professional compliance
Audit report date
High
Secure deletion or shredding
Finance and assets
Fixed asset registers
Asset life plus 6 years
Capital allowances and asset audit trail
Asset disposal
Medium
Secure deletion
IT and security
Security event logs
6 to 12 months
Incident detection and investigation
Log creation
High
Secure deletion or aggregate
Access control logs
3 to 12 months
Security monitoring and misuse investigation
Log creation
High
Secure deletion
Security and premises
CCTV footage
30 to 90 days
Security investigation and data minimisation
Recording date
High
Automatic overwrite unless held
Visitor logs
3 to 12 months
Premises security and incident investigation
Visit date
Medium
Secure deletion or shredding
Environment
Waste transfer notes
2 years
Waste duty of care compliance
Waste transfer date
Low
Delete or recycle securely
Hazardous waste consignment notes
3 years
Hazardous waste compliance evidence
Waste movement date
Low
Delete or recycle securely
Product and quality
Product technical files
Product placed on market plus 10 years
UKCA conformity and market surveillance
Product placed on market
High
Archive review then secure deletion
Quality management records
Certification cycle plus 3 years
Certification audit and corrective action evidence
Record supersession or closure
Medium
Review then delete
Training and competence
Employee training records
Employment plus 6 years
Competence evidence and claims defence
Employment termination
Medium
Secure deletion
Safeguarding
Safeguarding concern records
Case-specific, often 6 years
Safeguarding accountability and claims
Case closure
High
Safeguarding review then secure deletion
Employment and safeguarding
DBS certificate information
Up to 6 months normally
DBS code of practice and recruitment evidence
Recruitment decision
High
Secure deletion or shredding
DBS recruitment decision record
Employment plus 6 years
Evidence decision without certificate copy
Employment termination
High
Secure deletion

How Long Should UK Business Records Be Kept?

UK retention periods vary by record type. Key statutory anchors include 6 years for many tax and company accounting records, 3 years for PAYE records, at least 40 years for asbestos and some hazardous exposure records, and 50 years for ionising radiation dose records. Contract and dispute records are commonly kept for 6 years for simple contracts and 12 years for deeds, reflecting limitation periods.

Which Records Need The Longest Retention?

  • Health and safety exposure records, especially asbestos, COSHH health surveillance and ionising radiation records, usually require the longest retention because illness may emerge decades later.
  • Pension scheme records, share registers, statutory registers and executed deeds may need long-term or permanent preservation because rights and obligations can continue for many years.
  • Governance and company records such as registers, board minutes and filed accounts should normally be retained for long periods to evidence company decisions and compliance.

What Should Trigger The Retention Clock?

The retention period should usually run from a defined event, not simply from creation. Common UK triggers include the end of the tax year, termination of employment, contract expiry or termination, completion of a transaction, closure of a complaint or matter, or the date a statutory record is made.

How Should Sensitive Records Be Disposed Of?

Records containing personal data, payroll information, medical details, disciplinary files, whistleblowing reports, safeguarding information, financial crime checks or trade secrets should be disposed of by secure deletion or confidential shredding. Disposal should be suspended where litigation, investigation, audit, insurance notification or regulatory enquiry is reasonably anticipated.

UK Business Record Retention Schedule
Want to Generate Your own Data Retention and Records Management Policy?
Docaro AI can help you write your own Data Retention and Records Management Policy for use in the United Kingdom in minutes.
Generate Your Document Now

FAQs

A UK business record retention schedule is a table showing how long different business records should be kept before review or deletion. It helps organisations manage records consistently and comply with legal, tax, employment and regulatory duties.
Show All FAQs

You Might Also Be Interested In

UK Retention Drivers and Policy Considerations
Explore UK retention drivers and policy considerations for practical records management, compliance planning, and data governance decisions.
Records Management Responsibilities by Business Function
Explore United Kingdom records management responsibilities by business function to improve compliance, accountability, and retention practices.
United Kingdom data retention decision tree for choosing record retention periods and supporting compliant records management.
United Kingdom Records Disposal and Archiving Decision Tree
United Kingdom records disposal and archiving decision tree for compliant retention, secure destruction, and practical recordkeeping.
United Kingdom Records Management Responsibility Decision Tree
United Kingdom records management decision tree to clarify responsibilities, improve compliance, and support policy implementation.

References and Information Sources