Select Page

How Long Do You Retain Digital Files?

As a business owner or corporate manager, you likely have a digital storage facility for your documents. Companies must retain digital copies of documents like bank statements and tax returns to comply with regulations.

However, there’s no one-size-fits-all rule for retention times across all records. As a result, you’ll need to create a document retention policy (DRP) and categorize your files.

This post outlines the retention guidelines and best practices for records in your organization.


How Long Do I Retain Digital Business Documents?

Digital document retention guidelines require companies to store their records for one, three, or seven years, depending on the document type. In some cases, you’ll have to keep the documents permanently.

If you don’t know what to keep and what to delete, your lawyer, accountant, or state agency can provide you with guidance. Many agencies have requirements on document retention.

Legal Documents

You must keep deeds, real estate appraisals, formation records, trademarks, patent registrations, and bills of sale indefinitely.

Hiring and Personnel Records

Companies must retain job applications, resumes, and employment advertisements for at least a year. Employers must keep Documents relating to exposure to agents harmful to an employee’s health for a minimum of 30 years. You’ll need to keep OSHA accident forms for at least five years.

Insurance, Licenses, and Permits

The company must retain all licenses, permits, and insurance policy documentation until they receive updates to these documents.

Bank Statements

Companies must retain business banking, investment, credit card statements, and cancelled checks for seven years.

Accounting Documents

Companies must retain tax accounting records, year-end financial statements, and depreciation schedules for up to seven years. Your CPA may recommend keeping these records indefinitely.

What are Best Practices for Document Retention?

Firstly map out the types of data you have.

As an example, is it legal, accounting, tax, operational or personal data?

The data classification process can help you understand the types of data you have on your company network.

It’s worth asking the question in each department about the types of data they have as there is a case.

An example, when the sale department might be making new sales – you may assume that sales data is just held in the CRM and relates to business or customer contacts.

Still, if the sale itself is being processed and credit card details are on file, then this touches upon financial data, and there are strict rules on how credit card data must be handled.

When classification is complete, the next step is to research your local laws and what the data retention period needs to be for each data type.

This can be a more significant piece of work, and it’s recommended that you seek outside help with this step so that you stay compliant.

Tools such as Microsoft’s information protection system, which is a feature built into Microsoft 365, can help you scan the company network and enforce strict policies on the retention and sharing of data.

If you would like help creating a data retention policy and enforcing it with Microsoft tools, get in touch with us.