How Long Should You Keep Records In The UK?

byAlex Solo25 December 20258 min read

Business Set Up Employment Law Startups Regulatory Compliance Data & Privacy

Good record keeping isn’t just admin - it’s essential to running a compliant, confident business in the UK.

From tax and VAT to HR files and customer data, different laws set different retention periods. Knowing what to keep (and for how long) helps you avoid penalties, respond quickly to audits, defend disputes, and stay on top of your obligations without hoarding paperwork forever.

In this guide, we’ll break down how long to keep records under UK law, with clear timeframes you can apply, practical tips for building a retention policy, and where longer retention makes sense to protect your business.

Why Record Keeping Matters Under UK Law

There are three big reasons to get your retention periods right from day one:

Legal compliance - Various laws require you to keep certain records for set periods (for example, HMRC, Companies Act 2006, UK GDPR, employment law, health and safety law).
Risk management - Keeping the right documents for long enough helps you defend tax enquiries, employment claims, contract disputes and liability issues.
Operational efficiency - A clear retention schedule means your team knows what to keep, where it lives, and when to securely dispose of it.

As a rule of thumb, never destroy records that are still needed for legal, tax or regulatory purposes - and take reasonable steps to store records securely and confidentially while you hold them.

Financial And Tax Records: How Long To Keep Them

Financial record keeping is where retention rules are the most prescriptive. Here’s what most UK small businesses should plan for.

Accounting And Corporation Tax

Corporation tax records (companies): Keep for at least 6 years from the end of the accounting period they relate to. HMRC can ask you to keep them longer if there’s an enquiry.
Accounting records: The Companies Act 2006 requires private companies to keep accounting records for at least 3 years, but in practice you should align with HMRC’s 6-year period to be safe.

Self-Assessment (Sole Traders and Partners)

Business records for Self Assessment: Keep for at least 5 years after the 31 January submission deadline for the relevant tax year (HMRC may extend this if they open a check).

VAT Records

VAT records and VAT invoices: Keep for at least 6 years. Certain schemes (e.g. digital services in some contexts) can require up to 10 years - if in doubt, retain for 10 years.

Invoices, Sales And Purchase Documents

Invoices, receipts, contracts and supporting documents: Keep for 6 years to cover tax, VAT and limitation periods for contractual claims.
If your business issues invoices, ensure they meet UK invoice requirements so they’re valid if you need to chase payment or respond to an audit.

Banking And Reconciliations

Bank statements, reconciliations and ledgers: Keep for at least 6 years in line with tax record periods.

Tip: Where finance and tax rules differ, keep the record for the longest relevant period. That way, you won’t accidentally dispose of something you still need for a different obligation.

Employee Records: Retention Periods For Employers

When you employ staff, you’ll handle a mix of payroll data, working time records, HR files and right to work checks. Different laws set different minimums.

PAYE records (including tax, NI, benefits): Keep for at least 3 years after the end of the tax year they relate to (many employers keep 6 years to align with tax and contractual limitation periods).
National Minimum Wage records: Keep for 3 years after the end of the pay reference period.
Statutory Sick Pay (SSP), Statutory Maternity/Paternity/Adoption Pay: Keep for 3 years after the end of the relevant tax year.

Working Time, Hours And Leave

Working Time records (e.g. hours, night work): Keep for at least 2 years to comply with the Working Time Regulations. For practical guidance on hours and breaks, see our overview of Working Time Regulations.
Annual leave records: Keep long enough to evidence statutory entitlements and any disputes - 2 to 6 years is common, with 6 years aligning with the limitation period for contract claims.

Right To Work And Immigration Checks

Right to work check copies: Keep for the duration of employment and for at least 2 years after it ends (Home Office guidance). This proves you had a statutory excuse if questions arise later.

HR Files And Disciplinary/Grievance

General personnel files (performance, training, appraisals): Often kept for 6 years after employment ends (limitation period for many claims). Some discrimination claims have shorter tribunal time limits, but employers typically retain for 6 years to be safe.
Recruitment records (unsuccessful candidates): Commonly 6 to 12 months (up to 2 years is cautious) to defend discrimination claims, then delete.
Ex-employee records: For a deeper breakdown of what to keep and for how long, see our guide on how long to keep ex-employee records.

Health And Safety (H&S) Records

Accident book and RIDDOR records: Keep for at least 3 years.
COSHH, asbestos and occupational health records: Exposure and health surveillance records are often retained for up to 40 years due to long-term health risks.
Employers’ liability insurance certificates: It’s sensible to retain for up to 40 years to evidence cover if historic claims arise.

Remember, employment records also contain personal data. UK GDPR rules apply to how you store, access and eventually delete them (more on this below).

UK GDPR and the Data Protection Act 2018 don’t set fixed retention periods. Instead, they require you to keep personal data “no longer than is necessary” for the purpose you collected it.

That means you should define appropriate retention periods in your policies, explain them to individuals in your Privacy Policy, and ensure you securely delete or anonymise data once it’s no longer needed.

Practical Retention Benchmarks

Active customers: Keep core account and transaction data for the life of the relationship, plus 6 years after the final transaction to defend contract and negligence claims (Limitation Act 1980).
Marketing lists: Keep until consent is withdrawn or it’s no longer appropriate (e.g. inactive for a defined period). Build in regular reviews to clean lists.
Website analytics: Aggregate or anonymise quickly where possible; limit retention of identifiable data.
CCTV recordings: Typically 30 days is common unless an incident requires longer retention.

Whatever you decide, document it. If challenged by the ICO, you’ll need to show why your periods are “necessary and proportionate.” A good starting point is our overview of data retention periods, and when you may be permitted to remove personal information under GDPR data deletion rules.

Subject Access Requests (SARs)

Retention and deletion need to line up with your ability to respond to SARs within tight deadlines. If you delete data too quickly, you may be unable to evidence compliance; if you keep it too long, you may breach data minimisation. Make sure your retention schedule works in practice with SAR processes and your Privacy Policy.

Company Records And Core Legal Documents

Companies have specific statutory records to maintain under the Companies Act 2006 (and related regulations). Many should be kept for the life of the company.

Statutory Registers

Register of members (shareholders), directors, company secretaries, charges (where applicable), and People with Significant Control (PSC): Keep up to date and retain while the company exists. If you use the central register option at Companies House for some items, ensure your internal records are still reliable.
Share certificates and member records: These are critical proof of ownership - ensure they’re accurate and stored securely. See our guidance on share registers and best practice.

Minutes And Resolutions

Board and shareholder meeting minutes and written resolutions: Keep for at least 10 years (Companies Act requirement for minutes), though many businesses keep them for the life of the company.

Key Contracts And Legal Documents

Commercial contracts (suppliers, customers, leases, insurance): Keep for the term of the agreement plus the limitation period for potential claims - at least 6 years from the end of the contract for simple contracts, and 12 years for deeds.
Employment contracts, policies and handbooks: Retain current versions for active staff and archive for at least 6 years after employment ends to defend claims.
Privacy Policy and Data Processing Agreements: Keep historic versions to evidence what you told individuals and how you managed processors at different times.

If you ever wind up or sell the business, many of these records must still be retained for statutory periods or to manage post-completion obligations. Plan ahead so the correct documents transfer to the buyer or liquidator. For context on obligations after trading stops, see our guide to record keeping after closing a business.

Key Takeaways

Finance and tax: Keep core tax, VAT, invoices, and accounting records for at least 6 years. If HMRC opens an enquiry, you may need to retain records longer.
Employment: Keep PAYE and pay-related records for at least 3 years (many keep 6). Working Time records should be kept for at least 2 years. Keep right to work checks during employment and for 2 years after. H&S accident records are 3 years, while some exposure/medical records can run to 40 years.
Contracts and disputes: Retain key agreements for the term plus 6 years (simple contracts) or 12 years (deeds) to cover the Limitation Act periods.
Company records: Maintain statutory registers, minutes, and shareholder documentation for the life of the company; keep minutes for at least 10 years and align accounting records with HMRC’s 6-year expectation.
GDPR: There’s no single timeline - keep personal data only as long as necessary, define your periods in your Privacy Policy, and make sure your practices align with data retention periods and deletion principles.
Practical tip: Where multiple rules apply, default to the longest relevant period and document your rationale in a simple retention schedule. Review it annually.
Don’t forget invoices and ownership records: Make sure your invoices comply with UK invoice requirements, and that your share registers remain accurate and complete.
If you’re unsure, get tailored advice - retention periods can vary by industry, regulator expectations and the specific risks in your business.

If you’d like help designing a clear, compliant retention schedule - or you need support with policies, contracts or data protection - you can reach us at 08081347754 or team@sprintlaw.co.uk for a free, no-obligations chat.

Alex Solo

Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.

Need legal help?

Get in touch with our team

Tell us what you need and we'll come back with a fixed-fee quote - no obligation, no surprises.

Proceeding confirms you agree to our Privacy Policy

Need support?

Need help with your business legals?

Speak with Sprintlaw to get practical legal support and fixed-fee options tailored to your business.

Get Started Book A Call