Regardless of your business focus, the endless accumulation of digital documents has become both an inevitability and a reliable source of exasperation, with the benefits of digital document management offset by the sheer volume of files. A temptation to torch everything at the end of each project, or even in the middle of particularly trying meetings, is understandable - but we denied this release by legal compliance, with demands that records are retained for months and years according to their significance.

At the same time, other legislation - chiefly GDPR in the UK and Europe, and the CCPA in the USA - demands that personal data on customers is not kept, and basic good practice dictates that you can’t just throw everything onto the server and wait for somebody to ask about it. That’s earned the term “digital landfill”, and it’s as undesirable as its non-digital namesake.

Piling things up without proper filing guarantees that you’ll waste time and resources trying to find things later: smart document archiving and retention means that you securely keep the files you need for legal compliance and good customer service, in a format that you can easily find when you need them. The best teams have a clear understanding of their compliance requirements, a well-documented retention plan, and tools like Workiro that do the hard work for them. Read on to learn their secrets. 

‍

1. Go digital, if you haven’t already

‍
‍Even the teams that are some way from the best have made this step. It is simply not possible to efficiently handle paper-based records without spending on the space and the staff required to stay on top of them. Even then, a crack squad of secretarial staff can be undone by a simple mis-labelling problem or worse yet, physical damage like fire or flooding. 

Moving to a secure document management system (DMS) means that files are stored online using cloud backup, which is fundamentally disaster-proof, and makes it far easier to organise and search them. Make sure you pick a DMS that is fully compliant with industry standards and have a robust plan for getting your files into it. For more on that, check out our guide to migrating your paper documents to the cloud. 

‍

‍

2. Know your obligations for compliance

You should know exactly how long you need to retain your business documents, some of which will vary depending on your industry and the regulatory requirements you’re subject to. Beyond this, all businesses have to conform to basic retention requirements for different types of business data. Some examples include:

• Business registration and accounting records must be retained for a minimum of six years
• Employee salary, benefits and deduction records must be retained for at least three years from the end of the tax year they cover
• If your business is registered for VAT, records must be kept for at least six years
• Board meeting minutes must be retained for ten years

Underlying, and complicating, all this is GDPR in the UK and EU, which states that personal data should not be kept for longer than is required for the purposes for which it was originally collected. This is chiefly a concern for customer data, but it’s true of employees too, and anybody can make a Data Subject Access Request to see all the data you hold on them. Each such request must be replied to within 30 days, which is another reason to have a very robust search tool and excellent filing processes. 

For businesses operating in the US, the laws vary by state, and you should seek local advice on best practice. At the very least you’ll need to conform to the California Consumer Privacy Act (CCPA) which operates on similar principles to GDPR.

‍

3. Create a retention schedule - and get it confirmed by a lawyer

‍

It’s essential to get legal advice for this one. The requirements for document retention are complex but there’s no getting round them, and the penalties for non-compliance are steep. Start by referring to our guide to how long you should archive your documents, and work out what categories of document you’re keeping. 

Based on that, you’ll need to create a detailed retention schedule that makes explicitly clear what type of documents should be retained, how, and how long for. There’s extensive guidance on this available from the Information Commissioner’s Office. You need your retention policy to be clearly written out alongside a specific staff communication and training policy in order to be compliant, so get a legal expert to bless it.

‍

4. Set up tasks and reminders to ensure that the schedule is followed

This is one of the great benefits of using a DMS: because everything’s in the system already, you can easily set reminders and tasks to ensure that the retention schedule is followed. Workiro makes it easy to assign tasks to individual team members, or specific groups of users (like, say, certain team leaders) and because you can group everything by project, you can specify that the work is completed by the people who know the client, task or deliverable. You can monitor all of it centrally from within the Workiro interface, and see instantly when the archiving process has been completed - or when you need to chase up somebody to do it.

‍

5. Start with a single updated version of key documents, not a mass of competing ones

The old advice was “have a consistent naming convention”, but that’s near-impossible to enforce and barely compatible with remote working. Smart teams just have a single filename and top-tier version control, meaning that everybody works from the same file. Workiro supports this by default, with advanced business collaboration tools that enable teams to work on Office365 documents from anywhere, supported by version history tools that enable you to see at a glance a file’s entire life story from creation to current version. When it comes to archiving, it can all go into long-term storage with the audit trail attached. 

‍

6. Include every data source, not just the traditional ones

In the modern workplace, key data is not always found in the conventional documents, spreadsheets and PowerPoint decks - it’s in email, DMs and comments. Ensure that you don’t overlook this when you’re creating your archive. Using Workiro for collaboration means that you can capture this as a matter of course, with the previously mentioned chat, comments and file history automatically captured and archive-ready. 

If you’re using a different platform, it’s a bit more work: enterprise chat platforms have the ability to export channels and messages for archiving, so make a point of exporting your Teams or Slack data to add to your document archive. 

‍

7. Set strict access controls, with active monitoring and audit trails

Once archived .documents need to drop out of day-to-day use and only be accessed by a select group of approved users. Your DMS needs to support secure access with group-based user access controls, so you can ensure that only people in the correct group can gain access to the archive. The nature of the group is something you’ll need to include in your retention plan to ensure audit compliance.

‍

8. Have a documented destruction policy

This sounds a lot more action-packed than it is. It’s an element of the records retention policy, which can be overlooked because it’s the opposite of retention: the need to have a formal means of destroying data that you don’t want or cannot retain, in a documented and secure fashion. 

This includes things like having locked waste bins for disposing of confidential documents, and shredding or incineration processes for its subsequent disposal. The same is required for digital devices, which need to be specifically wiped (formatting them isn’t enough) or physically destroyed. The latter can be on-site or via third party, but the latter will need to provide suitable assurance it’s been completed (via audits or certificates of destruction) and submit to audit checks. For business data in cloud storage, you’ll need to confirm protocols and receive assurances from the storage provider. 

To learn more about document archiving and retention, head over to our 2025 guide to document management systems, which includes advice on document control vs document archiving. If you’d like to find out more about how Workiro handles it, you can chat to one of our specialists or just drop us a line.