Book a demo Log in / Sign up

Corporate Retention Policy Template for Singapore

Generate a bespoke document

  • England and Wales
  • Scotland
  • Northern Ireland
  • Ireland
  • United States
  • Alabama (USA)
  • Alaska (USA)
  • Arizona (USA)
  • Arkansas (USA)
  • California (USA)
  • Colorado (USA)
  • Connecticut (USA)
  • Delaware (USA)
  • Florida (USA)
  • Georgia (USA)
  • Hawaii (USA)
  • Idaho (USA)
  • Illinois (USA)
  • Indiana (USA)
  • Iowa (USA)
  • Kansas (USA)
  • Kentucky (USA)
  • Louisiana (USA)
  • Maine (USA)
  • Maryland (USA)
  • Massachusetts (USA)
  • Michigan (USA)
  • Minnesota (USA)
  • Mississippi (USA)
  • Missouri (USA)
  • Montana (USA)
  • Nebraska (USA)
  • Nevada (USA)
  • New Hampshire (USA)
  • New Jersey (USA)
  • New Mexico (USA)
  • New York (USA)
  • North Carolina (USA)
  • North Dakota (USA)
  • Ohio (USA)
  • Oklahoma (USA)
  • Oregon (USA)
  • Pennsylvania (USA)
  • Rhode Island (USA)
  • South Carolina (USA)
  • South Dakota (USA)
  • Tennessee (USA)
  • Texas (USA)
  • Utah (USA)
  • Vermont (USA)
  • Virginia (USA)
  • Washington (USA)
  • West Virginia (USA)
  • Wisconsin (USA)
  • Wyoming (USA)
  • Austria
  • Denmark
  • France
  • Germany
  • Lithuania
  • Luxembourg
  • Malta
  • Netherlands
  • Poland
  • Portugal
  • Romania
  • Slovakia
  • Slovenia
  • Spain
  • Sweden
  • Switzerland
  • Australia
  • New Zealand
  • Singapore
  • Hong Kong
  • India
  • Malaysia
  • Pakistan
  • United Arab Emirates
  • Qatar
  • Saudi Arabia
  • South Africa
  • Nigeria
  • Canada
  • Brasil
  • Monaco
  • Bermuda
  • Cayman Islands
  • Gibraltar
  • Isle of Man
  • Mauritius

What is a Corporate Retention Policy?

The Corporate Retention Policy serves as a crucial governance document that ensures organizations maintain their records in compliance with Singapore's regulatory framework. This policy is essential for managing business records, protecting sensitive information, and meeting statutory obligations under various laws including the PDPA and Companies Act. It provides clear guidelines on how long different types of records should be retained, methods for secure disposal, and procedures for legal hold situations. The policy is particularly important given Singapore's emphasis on corporate compliance and data protection.

Frequently Asked Questions

Is a Corporate Retention Policy legally required for companies in Singapore?

Yes, Singapore companies are legally required to maintain proper records under the Companies Act and comply with data retention requirements under the PDPA 2012. A formal Corporate Retention Policy helps ensure systematic compliance with these statutory obligations and demonstrates good corporate governance practices.

Can my Singapore company face penalties for not having a proper document retention policy?

Yes, companies can face significant penalties under Singapore law for improper record keeping. The PDPA 2012 allows fines up to S$1 million for data protection breaches, while the Companies Act imposes penalties for inadequate corporate records. Missing retention policies can also create legal vulnerabilities during audits or litigation.

How long must Singapore companies retain employment records under local law?

Under Singapore's Employment Act, employment records must be retained for at least 3 years after termination of employment. However, CPF records require longer retention periods, and personal data under the PDPA 2012 should only be retained as long as necessary for business or legal purposes.

How is a Corporate Retention Policy different from a Data Protection Policy in Singapore?

A Corporate Retention Policy covers all business records including financial, legal, and operational documents, while a Data Protection Policy specifically focuses on personal data handling under the PDPA 2012. The retention policy includes broader record types and disposal procedures, whereas data protection policies emphasize consent, access rights, and data breach protocols.

How long does it typically take to implement a Corporate Retention Policy in Singapore?

Implementation typically takes 4-8 weeks for most Singapore companies, including policy drafting, stakeholder review, system setup, and staff training. Complex organizations with multiple subsidiaries or specialized industries may require 2-3 months to ensure comprehensive coverage of all regulatory requirements and business processes.

Can electronic records be legally destroyed under Singapore's Evidence Act?

Yes, electronic records can be legally destroyed in Singapore provided they comply with the Evidence Act's requirements for electronic evidence and your retention policy's disposal procedures. However, records under legal hold or investigation must be preserved, and destruction must follow documented procedures to maintain legal defensibility.

Why do many Singapore companies fail PDPA compliance audits related to data retention?

Common failures include retaining personal data indefinitely without business justification, lacking documented disposal procedures, inconsistent retention periods across departments, and failing to implement legal hold protocols. Many companies also don't regularly review and update retention schedules to reflect changing business needs and regulatory requirements.

Reviewed by

Swetha Meenal

Legal Engineer, GenieAI

Swetha Meenal profile photo

A lawyer, legal researcher and legal tech founder, Swetha has built AI products deployed inside Tier 1 firms and enterprises. She ensures GenieAI's alignment with the latest regulation and executes testing on the legal robustness of Genie output.

LinkedIn

Reviewed by

Imad Mohammed Nazar

Legal Engineer, GenieAI

Imad Mohammed Nazar profile photo

A Skadden-trained M&A lawyer, Imad advised on cross-border transactions and contractual risk before moving into legal AI. He reviews GenieAI's output for compliance and enforceability across our 150+ supported jurisdictions, as well as facilitating external benchmarking.

LinkedIn

Jurisdiction

Singapore

Reviewed by

Swetha Meenal & Imad Mohammed Nazar

Publisher

GenieAI

Category

Records Retention Policy

Sector

Business

Cost

Free to use

Last updated

About the Corporate Retention Policy

A Corporate Retention Policy is a comprehensive governance framework that establishes how your organization manages, retains, and disposes of business records in accordance with Singapore's legal requirements. This policy ensures you maintain proper documentation while complying with multiple regulatory obligations, from data protection to corporate governance and tax compliance.

When do you need this document?

You need a Corporate Retention Policy when establishing formal records management procedures for your Singapore-based organization. This document becomes essential during regulatory audits, when implementing data governance frameworks, or when preparing for legal proceedings where document preservation is critical. Companies undergoing mergers, acquisitions, or restructuring also require clear retention policies to manage legacy records appropriately. Additionally, organizations handling personal data under the PDPA must establish systematic retention and disposal procedures to demonstrate compliance with data protection obligations.

Key legal considerations

Your retention policy must address several critical legal requirements. Under the PDPA 2012, you must establish clear retention periods for personal data and implement secure disposal methods when data is no longer needed for business or legal purposes. The policy should define roles and responsibilities for data protection officers and department heads in managing retention schedules. You must also establish procedures for legal holds that suspend normal disposal schedules when litigation or regulatory investigations are anticipated. The policy should include classification systems that categorize records based on their legal, regulatory, and business value, ensuring appropriate retention periods are applied consistently across your organization.

Legal requirements in Singapore

Singapore law mandates specific retention periods for different document types. The Companies Act requires permanent retention of constitutional documents, registers of members, and directors' records, while financial records must be kept for at least 5 years. Under the Income Tax Act and GST Act, you must retain tax-related documents and invoices for minimum 5-year periods from the relevant assessment year. The Employment Act mandates 2-year retention of employment records after termination, including salary records and leave documentation. The Evidence Act governs how electronic records must be preserved to ensure admissibility in legal proceedings, requiring your policy to address authentication and integrity measures. Your retention policy must also incorporate PDPA requirements for personal data, establishing lawful bases for retention and ensuring data is not kept longer than necessary for the original collection purpose.

GOVERNING LAW

Applicable law

This Corporate Retention Policy is drafted to comply with Singapore law. Key legislation includes:

PDPA 2012: Singapore's Personal Data Protection Act governs the collection, use, disclosure, and retention of personal data. Key consideration for data retention periods and disposal methods.

Evidence Act: Determines admissibility of electronic records and documents in legal proceedings, affecting how records must be preserved.

Companies Act: Mandates retention of corporate documents, registers, and financial records. Some documents must be kept permanently.

Income Tax Act: Requires retention of tax-related documents and records for at least 5 years from the relevant Year of Assessment.

GST Act: Requires retention of GST-related records and invoices for at least 5 years.

Employment Act: Mandates retention of employment records for 2 years after employment termination, including salary records and employee data.

IRAS Requirements: Specific guidelines from Inland Revenue Authority of Singapore for tax document retention and accounting records.

MAS Guidelines: Monetary Authority of Singapore regulations affecting financial institutions, including specific retention periods for financial records.

SGX Requirements: Singapore Exchange requirements for listed companies regarding corporate records and disclosure documents.

Banking Sector Requirements: Additional retention requirements under Banking Act and regulations for financial institutions.

Healthcare Records Requirements: Specific retention periods for medical records and patient data in healthcare sector.

Professional Services Regulations: Industry-specific requirements for professional services firms regarding client data and engagement records.

GDPR Compliance: European Union's General Data Protection Regulation requirements if handling EU resident data.

ISO Standards: International standards for record keeping and information management systems.

International Accounting Standards: Requirements for retention of accounting records under international standards if applicable.

Explore 208,390+ legal templates

Explore 208,390+ legal templates

Genie's Security Promise

Genie is the safest place to draft. Here's how we prioritise your privacy and security.

Your data is private:

We do not train on your data; Genie's AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

We are ISO27001 certified, so your data is secure

Organizational security:

You retain IP ownership of your documents and their information

You have full control over your data and who gets to see it