top of page

THE PAPER TRAIL: NAVIGATING SOUTH AFRICA'S RECORD RETENTION REQUIREMENTS


Businesses face an increasingly complex challenge: how long to keep their records. From small enterprises to major corporations, the question isn't just about storage space anymore – it's about legal compliance, risk management, and data protection.

The more information retained beyond the statutory date, the greater the risk of data breaches is a warning issued by the South African Institute of Chartered Accountants (SAICA). But on the other hand destroying records too early could land organizations in serious legal trouble.


Corporate Records: The Backbone of Business DocumentationClose Corporations Face Strict Requirements

The requirements for closed corporations are among the most demanding in South African business law:

 

  • Accounting records and supporting schedules must be kept for 15 years

  • Annual financial statements require a 15-year retention period

  • Founding statements (CK1) and amendments (CK2 & CK2A) must be kept indefinitely

  • Minutes and resolutions are subject to indefinite retention


The Companies Act Framework

The Companies Act 71 of 2008 sets different standards that have become a cornerstone of business documentation:


  • Basic company records require a minimum 7-year retention

  • Notice of incorporation and memorandum of incorporation must be kept indefinitely

  • Securities register and company rules need indefinite retention

  • Financial statements and accounting records require 7 years of safe keeping


Consumer Protection and Financial Documentation: A Balancing Act

The Consumer Protection Act takes a more lenient approach, requiring just 3 years of retention for:


  • Consumer information and communications

  • Conflict of interest disclosures

  • Records of advice

  • Promotional competition records

  • Auction documentation


However, financial institutions face stricter requirements under various laws:

  • Customer due diligence records: 5 years from relationship end

  • Transaction records: 5 years from completion

  • Suspicious transaction reports: 5 years from reporting date

 

Employment Records: Beyond the Basics

The employment sector presents some of the most varied retention requirements in South African law. While basic records like books of account need only three years of retention, other documents demand permanent storage. Employee disciplinary records, for instance, must be kept indefinitely – a requirement that often catches businesses off guard.


Health and Safety Documentation

Perhaps most striking are the health and safety record requirements:


  • Health & safety committee records: 3 years

  • Incident records: 3 years

  • Asbestos records: An astounding 50 years

  • Hazardous biological agents records: 40 years


The Tax Landscape

SARS has established clear guidelines based on different scenarios:


  • Submitted returns must be kept for 5 years from submission

  • Records for unsubmitted returns must be retained indefinitely

  • Documents under audit or appeal must be kept until resolution

  • VAT documentation requires 5 years of retention


The POPIA Impact

The Protection of Personal Information Act has revolutionized record retention in South Africa. While other laws set minimum retention periods, POPIA effectively sets maximum ones.


Organizations must now:

  1. Keep records only as long as necessary for their original purpose

  2. Justify extended retention through law or contract

  3. Destroy records in a way that prevents reconstruction

  4. Ensure electronic deletions are permanent and unrecoverable


Best Practices for Modern Business

  1. Comprehensive Documentation System

    • Maintain records in their original form

    • Implement orderly filing systems

    • Ensure accessibility for inspections


  2. Electronic Record Management

    • Obtain proper authorization for electronic systems

    • Secure special permission for offshore storage

    • Implement robust backup systems


Best way to dispose of documentation (after the appropriate periods):

To ensure the secure and compliant disposal of company documents, combining secure practices with the services of certified disposal companies is a highly effective approach.


Here are comprehensive steps for safely getting rid of sensitive company documents:


  1. Shredding: For in-office shredding, use a cross-cut or micro-cut shredder to thoroughly destroy paper documents. Alternatively, there are companies who provide on-site shredding with industrial-grade machines, ensuring documents are immediately and securely destroyed.

  2. Secure Collection: Certified disposal companies often provide secure, locked containers or bins for on-site storage of documents awaiting disposal. These bins can be kept at the company’s location until regular pick-up by the disposal service, maintaining security at every stage.

  3. Electronic Data Destruction: For digital files, use secure deletion software to overwrite data multiple times before disposal.


Certified disposal services can physically destroy or degauss hard drives, issuing a certificate of destruction for each device.


  1. Certificate of Destruction: After processing, certified companies issue a certificate of destruction, documenting the method, date, and time of disposal. This certificate serves as proof for regulatory compliance with data protection laws, and helps verify that the company has taken due diligence in securely destroying sensitive information.

  2. Environmentally Responsible Disposal: Many certified disposal companies recycle shredded paper and e-waste, ensuring compliance with environmental standards. This sustainable approach allows companies to meet both data protection and environmental responsibilities.


As businesses increasingly digitize their operations, the challenges of record retention are evolving. The key isn't just keeping everything forever or destroying records as soon as possible – it's about finding the balance between compliance and practicality.


Proper record retention isn't optional – it's essential for survival in an increasingly regulated environment. The cost of proper record retention may be significant, but the cost of non-compliance could be far higher.


Remember: When multiple retention periods apply to the same records, always follow the longer period. When in doubt, consult legal experts who can provide guidance specific to your industry and circumstances. In the world of record retention, knowledge isn't just power – it's protection



bottom of page