UK Storage Guide Template
UK trades need to balance convenient access to job records with GDPR, HMRC, and industry guidance. Use this cheat sheet to keep everything organised, defensible, and audit-ready.
How long to keep documents
These benchmarks cover common records. Always check trade body or insurer rules for stricter requirements.
| Document type | Recommended retention |
|---|---|
| Invoices & payment records | 6 years plus the current tax year (HMRC guidance). |
| Gas, electrical, or safety certificates | Keep for the lifetime of the installation plus 2 years. |
| Customer communications | Keep for the contract duration and up to 6 years afterwards in case of disputes. |
| Photos documenting work | Retain while the customer relationship is active or for the lifespan of the work. |
| Employee records | Minimum of 6 years after employment ends (retain more if regulations require). |
Source: HMRC company record-keeping guidance plus standard GDPR good practice.
Storage best practices
- Store photos, notes, signatures, and invoices inside Toolfy so they stay tied to the job and customer automatically.
- Use secure cloud drives (OneDrive, Google Drive, Dropbox Business) for CAD drawings or manuals that sit outside Toolfy.
- Avoid saving sensitive files on personal devices; if you must, encrypt them and sync back to the cloud quickly.
- Tag files with the customer name, job number, and date so audits or subject access requests stay painless.
- Review your archive every January and delete items that have reached their retention deadline.
Stay compliant with GDPR
Build these checks into your monthly and annual routines.
- Capture customer consent for storing photos and contact details when you start the job.
- Only retain data while you have a legal or business reason—set calendar reminders to review aged folders.
- Encrypt storage drives and restrict document access to trusted roles with strong, unique passwords.
- Back up critical documents off-site at least weekly to guard against device failures.
- When customers request deletion, remove their data from live systems and backups once obligations end.
How Toolfy keeps records tidy
Every job automatically stores photos, notes, invoices, and certificates in one place.
Role-based access ensures only authorised staff see sensitive documents.
Exports and activity logs make GDPR subject access requests straightforward.
Portal links give customers read-only access without exposing internal folders.
Need anything removed or redacted? Email support@toolfy.io with the request and our team will guide you through the process.