GDPR and Data Retention
Data Protection legislation requires that personal data be held securely and no longer than is necessary.
Information we hold on clients, in paper and electronic formats, is:
- Documents used and created during preparation of accounts and tax returns.
- Contact and identity information
The legal requirements are as follows:
- Section 886 of the Taxes Consolidation Act, 1997 requires the retention of records for a period of six years. But if the tax treatment of an item is in question records should be maintained until it is resolved.
- Section 285 of the Companies Act 2014 requires that companies retain and maintain accounting records for a period of at least 6 years after the end of the financial year containing the latest date to which the record, information or return relates. However, any company which is in receipt of EU funding may have a contract attached to it which requires the records be maintained for 10 years.
- The Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 requires that client due diligence records are maintained for five years after the end of the relevant business relationship.
To ensure compliance with our obligations, we act as follows:
- We periodically use an on-site industrial shredding service to destroy paper records after the legally required retention period has expired,
- Paper records within the retention period and those awaiting destruction are indexed and stored securely within our premises.
- Electronic records are retained for longer, to assist with any future queries , unless destruction is requested by the client.
- Electronic records are protected by a system of passwords and by use of firewall and anti-virus software.