File Retention in Preparation for GDPR

16 May 2018

We are often asked by clients for how long they should retain files; or if their professional indemnity insurers have any requirement surrounding the retention of client papers.

The General Data Protection Regulations come in shortly and protect personal data. Now is a good time for all firms, as part of the preparation for GDPR compliance, to review their file retention policies.

The Solicitors Regulation Authority (SRA) does not have any specific rules on the length of time that firms should keep client files. Firms are, of course, required to establish good processes for orderly file closure, which is central to running an efficient practice, managing risk (Chapter 7 of the SRA Code) and fulfilling your client care obligations (Chapter 1 of the SRA Code).

The Law Society does not provide guidance, though they do have specific practice notes which may be of interest.

Retention of Wills and Probate Practice Note

Retention of Trusts practice note

File Closure Management practice note

These practice notes can be found on the Law Society’s website but are premium content.

Keeping paper files in storage is expensive and there are costs attached to saving files digitally. There are no requirements relating to the retention of files in the SRA’s Minimum Terms for Professional Indemnity Insurance. An insurer would not normally be able to avoid a claim because you no longer have the file. However, without a file, it is almost impossible to gather the evidence to defend a negligence claim.

We approached Chris Stanton of Keoghs for his insight on this issue. He explains “A key step is to review past, present and future retainer letters, which should set out for how long and the reasons why your firm will retain the file. GDPR, which comes into effect on 25 May 2018, prevents businesses from holding personal data for longer than is necessary for the specific purpose for which it is retained. Firms cannot hold files indefinitely”.

Under GDPR, the obvious grounds for firms holding personal data are consent and contractual, which means that getting your retainer letters right is important. The letters should say how long you will retain the files and why.

Firms should have a file retention policy. Factors to consider include the risk of a claim from a particular matter type, the potential size of a claim on a particular matter, the limitation period that might apply and your obligations under the SRA Code of Conduct. Firms also need to be mindful of specific client requirements – for example conveyancers acting for a lender will need to comply with the requirements of the UK Finance Mortgage Lenders Handbook. Retention periods may be different – for example six years for litigation, 12 years for property purchases, 6 years for property sales and until the age of 21 for matters involving a minor.

Download Bulletin

For further information please contact:

James Frost, Associate, JLT’s Legal Practices Group on +44 (0) 121 626 7841 or email

Colin Taylor CIRM, Partner, JLT’s Legal Practices Group on +44 (0) 20 7528 4261 or email

This blog is compiled for the benefit of clients and prospective clients of companies of the JLT group of companies (“JLT”). It is not legal advice and is intended only to highlight general issues relating to its subject matter; it does not necessarily deal with every aspect of the topic. Views and opinions expressed in this document are those of JLT unless specifically stated otherwise. Whilst every effort has been made to ensure the accuracy of the content of this document, no JLT entity accepts any responsibility for any error, or omission or deficiency. If you intend to take any action or make any decision on the basis of the content of this document, you should first seek specific professional advice. The information contained within this document may not be reproduced and nothing herein shall be construed as conferring to you by implication or otherwise any licence or right to use any JLT intellectual property.