Record keeping

Your organisation will create lots of information while you carry out your activities. Some of this information is an important record of what you have done, and how you have made decisions. It needs to be securely stored.

You need to be able to access these records for a range of reasons:

• to meet legal requirements.
• to meet your business needs.
• as evidence if you face disputes or allegations of mismanagement.

There are different categories of records. These include:

• Operational – records required for the day-to-day functions of the charity. You can usually destroy these after a set time, e.g. payroll, VAT.
• Master – important records which give evidence of significant transactions or events. You should keep these forever, e.g., asset purchases and sales, board minutes.
• Historic – records which your organisation wants to keep because they are important to the charity , e.g. history of formation and achievements.

Records Retention

A well-run and effective organisation should have a Record Retention policy that is clear and easy to use. This will ensure that you:

• have suitable records to identify and protect your assets.
• meet legal requirements.
• identify and record payments made and money received.
• report accurately in your Accounts and Trustees Annual Report.
• respond to any issues that could affect your reputation.

The policy should explain how long you keep records for, and how they will be securely stored. The policy should also outline how you decide to dispose of records that are no longer needed, and the disposal methods.

Review and Auditing

All employees and volunteers need to understand and follow the processes set out in the Record Retention Policy.

Those responsible for the management of the organisation should set up a process to make sure the policy is still relevant, and is being followed. The process will include checking that:

• The dates on the retention schedule reflect the most up to date laws and regulations.
• It is possible to access records in storage, both physical and electronic information.
• Staff and volunteers are all aware of the record retention policy.
• Records no longer required have been safely destroyed.

How long should you keep records for

Legislation, including the Charities and Trustee Investment Act (Scotland) Act 2005, outlines how long you should keep certain types of record for.  The table below provides a simple summary of this. 

You should also follow The Data Protection Act (DPA) and the UK General Data Protection Regulation (GDPR). There are no standard time limits for Data Protection and GDPR. Your organisation should have a policy that explains how long you keep these records for, and why. 

The shortest time recommended for records is often six years after the end of the financial year when an activity happened. This is because the law generally allows action for something like a breach of contract to be taken within 6 years of the unlawful act. In some circumstances, that time limit can be extended up to 15 years.

It is important not to dispose of documents before the legal requirement date. But, it is equally important that the organisation does not keep documents for longer than required. The Data Protection Act (DPA) covers records you hold about living people. It requires you to dispose of any records you no longer need, or face financial penalties. See [link to data protection pages]

If you do not have confidential shredding equipment you should use a reputable company. You should shred paper to a DIN5 size and ask for a certificate of destruction. This should explain what has been destroyed and its weight in kilograms.

Examples of Legislation which impacts on retention of records

Record retention policy template

For more on how to use this, see our page on using SCVO templates.