End of Financial Year Document Checklist: What Businesses Should Keep, Shred and Review

What to Keep

Not all documents need to be discarded at the end of the financial year. Many records must be kept for legal, regulatory and operational reasons. These documents support audits, demonstrate compliance and ensure your business can provide accurate information when required.

For organisations that handle personal or confidential data, document retention policies also support compliance with the GDPR. This ensures businesses can justify why information is being kept and access it when required for audits or compliance checks.

The end of the financial year provides a useful opportunity to check that the right records are being retained and that they are organised in a way that allows them to be easily retrieved if required for compliance checks, audits or internal reviews.

Businesses typically review the following records when carrying out an end of financial year document clear out:

• Company accounts, usually kept for six years
• Tax and VAT records
• Payroll records
• Employee records, with retention periods that vary
• Contracts and agreements
• Insurance documents
• Health and Safety records

Many organisations maintain a formal document retention policy that outlines how long different types of records should be kept and when they should be securely destroyed. Reviewing this policy at the end of the financial year helps ensure retention periods remain aligned with legal and regulatory requirements.

What You Can Shred

Once confidential documents reach the end of their retention period and no longer serve a legitimate business purpose, they must be securely destroyed to an unrecoverable state. Without regular review, outdated paperwork or confidential media such as hard drives, backup tapes or disks can remain in drawers, filing cabinets and storage areas unnecessarily, increasing the risk of sensitive information being retained beyond its intended lifecycle.

Under the GDPR, organisations must ensure personal data is not retained for longer than required. Retaining unnecessary records can create compliance risks, particularly where documents contain employee, customer or commercially sensitive information.

Records suitable for secure destruction may include:

• Old invoices that are past their retention period
• Expired contracts
• Duplicate paperwork
• Former employee files outside their retention window
• Documents that have been securely digitised
• Old marketing materials
• Outdated customer information

Financial year end reviews frequently uncover archived records that have remained within departmental filing systems or storage areas well beyond their useful life. These reviews are often triggered by office clear-outs, compliance audits or archive storage reviews. Identifying and securely destroying unnecessary records helps organisations reduce risk, maintain regulatory compliance and support effective information governance.

Any paperwork containing personal data, financial information or confidential business information should always be securely shredded rather than placed in general waste or recycling bins. During waste audits, confidential documents are occasionally found within both recycling and general waste streams, demonstrating how easily sensitive information can be disposed of incorrectly without clear confidential waste disposal procedures in place.

At Printwaste, we often recommend operating a shred all policy, where all paper-based documents are placed into secure shredding cabinets (known as consoles) and confidential media such as hard drives, tapes or disks is stored in separate secure media containers prior to collection for secure destruction. This approach removes uncertainty for employees, reduces the risk of documents being disposed of incorrectly and helps organisations maintain consistent data protection and information security practices across the workplace.

Printwaste Recycling & Shredding operates a secure chain of custody, ensuring confidential materials are controlled from the moment they are placed into shredding cabinets through to final destruction and onward recycling. Certificates of Destruction are then issued to provide documented confirmation that materials have been destroyed in line with data protection requirements.