If a GDPR Data Retention Policy says keep finance data for 7 years.
How will we remove data:
- Transaction/Journals older than 7 years
- Bank accounts that have not been used for 7 years
- Customers or suppliers who have not had a transaction for 7 years.
- Highlight chart of account codes not used anymore so they can be removed
As a minimum I envisage a report of customers and suppliers with no activity for this time period and the ability to anonymise these and clear out address data.
I doubt there will ever be a way to completely remove old nominal entries because that would mess up your current numbers. But GDPR only applies to personal identifying information so it ought to be sufficient just to remove things like the customer name, address and email details without removing the transactions themselves.
What I’m not sure is whether removing the contact info from the client details would remove the identifying info from historical invoices you’ve already issued - I suspect not so this aspect may need some more development work from the QuickFile side.
The problem is that many transactions contain identifiable personal data on the descriptions. Adjusting opening balances and the use of some end of year rolled up transactions could provide a way to deal with this.
The GDPR Policies don’t state a time period so the 7 years must be your own policy, which could be altered to suit the way in which 3rd parties retain the data you supply.
I suspect your Data Retention policy is seven years to align with HMRC requirements to keep tax records for seven years. You can define a longer retention period if you wish, since GDPR doesn’t define specific retention times. What it does do is say that you shouldn’t keep personal data for longer than you need it. Not knowing how to delete it isn’t a justification to keep it.
I’m not sure how many Quickfile customers have data older than seven years but it is an issue if there isn’t a way to clear out old tax years data. Could you create a new account and then import the data you wish to keep (previous six years) then delete the original account?
This is a PITA but is definitely something that is needed. There also needs to be the development of a tool by the QF guys to deal with specific requests for data removal by customers.
@Glenn These two features are linked and necessary so is this something that is on the roadmap?
This is less of an issue, since “right to be forgotten” deletion requests don’t apply to data where the basis for processing is to comply with a legal obligation - if you’re keeping data on your customers within the 7 years window where you have to keep it to comply with HMRC rules then you can’t be required to delete it. But you would still have to delete the data once you are no longer under that legal obligation to retain it (e.g. when the 7 years is up).
Is there not a requirement to anonymise those retained records though as if requested to remove someone how can you justify keeping their data for a sale record for example?
You are legally required to retain accurate copies of all your sales invoices for a certain number of years - this is a requirement both under VAT law and under the rules on general business record keeping for income/corporation tax purposes. The right to erasure doesn’t apply to data you have to retain to meet a legal obligation.
Once it goes beyond that 5/6 year period (5 years from the tax return deadline for general records, 6 years from the return for VAT) and you are no longer required to retain accurate copies, then you should anonymise or delete them.
Ok, cool. Thanks for the info.
The original feature requirement still stands though.
Good summary of Legal requirements - most businesses stick with 7 year retention to ensure one full year after the 6 year requirement.
My original feature request, although driven by GDPR, is also driven by the need to keep clean records.
Over time as a business changes the use of bank accounts and codes can change - while records are still tied to these they can’t be deleted so there has to be a way of removing old years.
There may not be many people with 7 years of data in QuickFile - but once there is it will become an issue and it’s better to make the request now and give time for development.
My experience in running corporate IT finance systems is that this process tends to get ignored but then dealt with periodically when systems are replaced, only moving 7 years of data or just mothballing the old system and starting from scratch on the new one. It would be possible to do this on QuickFile by just starting a new account but retaining the old version would require some interaction to avoid the 2 year dormant account process.