GDPR and bookkeeping retention obligations, how do I combine them?
The Dutch tax retention is 7 years (10 for real estate), but GDPR requires deletion when no longer needed. Practical line: pseudonymise personal data in bookkeeping where possible and keep fiscal data separately.
Try this first
- 1Inventory personal data in your bookkeeping: names on invoices, IBANs, addresses, emails.
- 2For business clients: company name and Chamber-of-Commerce number is usually enough, personal names only if needed for contact.
- 3For consumers: after 7 years you may reduce to invoice number, amount, VAT rate and date, no name/address.
- 4Set a deletion policy and automate it for clients without active contracts.
- 5Document in your processing register why you keep which data how long, that is your defence in a GDPR question.
When to bring us in
If you doubt between tax retention and GDPR deletion for specific records, we can resolve it with your accountant and privacy lawyer.
See also
- Switching from Exact Online to Yuki, open items and history do not matchPackage migrations stumble on ledger mapping and open AR/AP. Without a mapping table you lose context.
- Twinfield to Exact, dimensions and cost centres go missingTwinfield uses dimensions, Exact uses cost centres and projects. The mapping is not one-to-one.
- Accountant asks for RGS mapping, your ledger does not follow RGSRGS is the Dutch standard chart that SBR filings and accountant software expect. Without mapping, every year-end is manual.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.