AboutBlogBusiness First AIFounder FreedomBook a conversation

Best-practice folder and sharing structure for Google Drive

May 25, 2026
A person at a laptop in a small office, reviewing a folder structure on screen
TL;DR

A best-practice Google Drive structure for an owner-managed services firm uses Shared Drives organised by business function rather than file type, with five top-level areas (Growth, Customer Delivery, Operations, Admin, Client), consistent file naming conventions, and role-based access managed at the drive level. This keeps work accessible when staff leave, supports UK GDPR compliance and FCA record-keeping requirements, and reduces the time lost searching for documents.

Key takeaways

- Use Shared Drives rather than personal My Drive as your firm's system of record: files stay accessible when staff leave or change roles. - A five-drive structure organised by function (Growth, Customer Delivery, Operations, Admin, Client) is a proven pattern for owner-managed UK services firms. - Keep folder depth to two to three levels and add subfolders only when a folder contains 20 or more files. - Grant access at the Shared Drive or folder level using role-based permissions, not via individual file links or public sharing. - UK GDPR record-keeping obligations, FCA SYSC requirements, and NCSC least-privilege guidance all point to the same operational need: structured, access-controlled file storage.

When a project manager at a 15-person management consultancy handed in her notice, the partners realised the files for three active client engagements were stored in her personal Google Drive. Not in a shared space, not in a company folder. In her personal account. The files were technically still accessible because her account was live, but nobody else knew what anything was called or where it lived. The knowledge was hers, not the firm’s.

That situation is entirely avoidable. The fix is structural, and it takes less than an afternoon to set up correctly from the start.

What is a best-practice Google Drive structure?

A well-structured Google Drive uses Shared Drives organised by business function rather than document type, with a consistent set of five top-level drives, naming conventions applied to every file, and permissions granted at the drive or folder level. The defining characteristic is that files belong to the team, not to the person who created them, so access continues regardless of who is in the role.

Google’s own admin documentation makes the distinction explicit: in a Shared Drive, files belong to the team and persist even when the individual account holder leaves or their account closes. That single feature changes how a firm should think about where any piece of work lives.

The five-drive pattern used by Pipeline Digital (a UK Google Workspace implementer) and Cloud Computer Company organises work into five areas. Growth covers sales, marketing, and business development. Customer Delivery holds all client work, with one subfolder per client and project phases inside each. Operations stores HR, finance, IT, and internal procedures. Admin handles corporate housekeeping: Companies House filings, insurance, and firm-level contracts. Client holds master templates for proposals, reports, and onboarding documents, separate from live client folders.

Nesting should stay at two to three levels. Overdrive, a Drive consultancy, recommends adding subfolders only when a folder contains 20 or more files, which keeps the structure navigable without requiring a guide to use it. A short “Drive etiquette” note pinned to the top of each drive documents the naming convention: date-first format (YYYY-MM-DD_ClientName_DocumentType) makes files searchable and sortable without any additional tagging.

Why does it matter for your business?

File governance has direct compliance implications for owner-managed firms. Under UK GDPR, you must be able to locate, export, and delete client personal data on request. FCA-regulated businesses face additional record-keeping requirements. The NCSC’s small business cyber guidance treats access control as a baseline security measure. A well-structured Drive makes all three easier to satisfy and protects you when staff leave.

The ICO’s data security incident statistics show that misdirected emails and wrong-recipient sharing are consistently among the most frequently reported breach types under UK GDPR. The same failure can happen inside a poorly managed Google Drive: files shared publicly by accident, or a departing team member retaining access to sensitive client records long after leaving.

The NCSC’s Small Business Cyber Security guidance recommends access control based on business need, specifically least privilege, alongside regular removal of access that is no longer required. In Google Workspace, this maps directly to Shared Drive membership: add people by role, review membership quarterly, and remove leavers on their last day.

For FCA-regulated firms, whether a small IFA, a mortgage broker, or a payments business, the obligations go further. FCA guidance on cloud outsourcing (FG16/5) expects firms to understand exactly where data sits and to be able to produce records in a usable format. A structured drive with clearly labelled client and compliance folders makes that straightforward, rather than a manual audit exercise every time a regulator asks.

Where will you actually meet it?

Many owner-managed services firms hit the Google Drive problem in one of three moments: a staff departure that reveals how much lived in personal folders, a client requesting access to shared documents, or an audit that requires producing records quickly. These situations expose what was always true: without Shared Drives and clear naming, your file access depends on who is currently in the room.

The staff-departure moment is the most acute. When someone leaves and their client files are in a personal account, you face a race between exporting what you can access and losing what you did not know was there. Google’s documentation confirms that files in personal My Drive accounts are tied to the individual account holder.

The second common trigger is new-hire onboarding. When a new team member joins and cannot find anything, the firm discovers files spread across several locations, named inconsistently, with no shared logic. The time spent rebuilding a workable structure always exceeds what it would have taken to set it up correctly in the first place.

The third is a data subject access request under UK GDPR. When a former client asks you to confirm what personal data you hold about them, a disorganised Drive makes it genuinely difficult to answer with confidence. A structured folder per client with standard subfolders turns that exercise into a 20-minute check rather than a significant investigation.

When should you build it, and when can you leave it?

A five-drive structure is worth building as soon as you have more than three or four people and files that matter for compliance or client delivery. The case for waiting is weak: the later you leave it, the harder migration becomes. The only genuine reason to pause is if no one in the firm will consistently enforce the naming conventions once they are set.

If you handle very high volumes of media assets, such as a creative agency managing large image or video libraries, a Digital Asset Management system is likely a better fit than Google Drive alone. Drive is effective for documents and structured project files; it becomes unwieldy for asset management at scale.

Similarly, some regulated sectors need immutable audit trails or formal records management that a folder structure alone cannot satisfy. Legal firms with certain practice areas, or financial services businesses with specific compliance requirements, may need specialist document management software alongside Drive rather than relying on it as the only solution.

The most common reason a well-designed structure fails is not technical. Jungle Soul Collective, a service business that has documented its own Drive setup publicly, makes this point directly: systems that do not match how people mentally organise their work get abandoned. Leadership needs to model the convention, review it after the first month of use, and adjust where the structure does not fit how work actually moves through the firm.

What else sits alongside a good Drive structure?

A Google Drive structure handles the physical layer of file organisation. It sits underneath broader concepts that owner-managed firms often encounter together: data governance (what you keep and why), records retention (how long different file types stay on the system), access management (who can reach what), and cyber baseline controls. The NCSC’s Cyber Essentials framework includes cloud service configuration as a certifiable minimum standard.

Data governance is the policy layer: it defines rules for what gets stored, for how long, and who is responsible. A Drive folder structure enforces none of those rules automatically; it makes them easier to act on. The ICO’s accountability guidance expects UK organisations to have documented retention and deletion policies, not just the technical means to act on them.

Records retention is a related but distinct obligation. Under UK GDPR, personal data should be kept only as long as necessary. FCA-regulated firms have additional minimum retention periods that vary by product type and record category, often five years or more for certain financial advice records. A labelled, dated archive folder per client makes applying those schedules far more practical than searching scattered files.

If you are planning to use AI tools to search or retrieve from your knowledge base, a structured, consistently-named Drive is a prerequisite. AI retrieval works on what it can access and parse; a disorganised Drive with inconsistent naming returns results that reflect the chaos rather than the knowledge.

Sources

- Google Workspace Admin Help. "What are shared drives?" Explains that Shared Drives belong to the team rather than to individuals, with files persisting when staff leave or accounts change. https://support.google.com/a/answer/7212025 - Pipeline Digital (UK). "The Best Google Drive Folder Structure for Your Business." Documents the five-drive structure (Growth, Customer Delivery, Operations, Admin, Client) used with UK owner-managed businesses. https://pipelinedigital.co.uk/blog/how-to-videos-and-guides/how-to-set-up-the-best-google-drive-folder-structure-for-your-business/ - Cloud Computer Company. "How To Set Up A Google Drive Folder Structure for Your Business." Step-by-step guide to Shared Drive creation, naming conventions (YYYY-MM-DD format), colour-coding, and quarterly maintenance. https://www.cloudcomputercompany.com.au/how-to-set-up-a-google-drive-folder-structure-for-your-business/ - Overdrive. "Google Drive Folder Structure: A Simple System That Actually Works." Recommends 5-7 top-level folders, 2-3 levels deep, creating subfolders only at 20-plus files to prevent folder sprawl. https://www.overdrive.tools/blog/google-drive-folder-structure-best-practices - ICO. "Guide to the UK General Data Protection Regulation (UK GDPR): Security." Covers Article 32 obligations and the need for appropriate organisational measures including documented access control. https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/security/ - ICO. "Data security incident trends." Shows misdirected emails and wrong-recipient sharing among the most frequently reported breach types under UK GDPR, with direct parallels to cloud file-sharing failures. https://ico.org.uk/action-weve-taken/data-security-incident-trends/ - NCSC. "Small Business Guide: Cyber Security." Recommends least-privilege access control for cloud services and regular removal of redundant access rights when staff leave or change roles. https://www.ncsc.gov.uk/collection/small-business-guide - FCA. FG16/5: "Guidance for firms outsourcing to the 'cloud' and other third-party IT services." Expects regulated firms to understand data location and access, and to produce records in a usable format when required. https://www.fca.org.uk/publication/finalised-guidance/fg16-5.pdf - ICO. "Accountability and governance." Covers the requirement for documented retention and deletion policies as part of demonstrating UK GDPR accountability. https://ico.org.uk/for-organisations/accountability-framework/

Frequently asked questions

Should I use Shared Drives or My Drive for business files?

Use Shared Drives for any files that belong to the business. Files stored in personal My Drive accounts are tied to that individual's account and can disappear or become inaccessible when staff leave or accounts close. Shared Drives solve this by making files team-owned rather than person-owned, so work remains accessible regardless of who created the folder or is currently in the role.

How should we handle sharing files with external clients?

Create a dedicated "Client" drive or subfolder for template documents and client-facing materials. For active collaboration with a specific client, Pipeline Digital's pattern of creating a separate Shared Drive per client (named "[Your Firm] - [Client] Shared") keeps external access contained without mixing it into your internal structure. Avoid "Anyone with the link" sharing for business documents, which creates uncontrolled external access that is hard to audit or revoke.

How often should we tidy up and archive Google Drive?

A quarterly review of active project areas is a practical rhythm. The aim is to move completed client projects to a dated Archive subfolder, not to delete files outright. Cloud Computer Company recommends this as the standard maintenance cadence for keeping search fast and active folder counts manageable. The critical discipline is making it a calendar event, not something that happens when the clutter becomes unbearable.

Written by Dr Dave Heath, AI consultant and business strategist.

This post is general information and education only, not legal, regulatory, financial, or other professional advice. Regulations evolve, fee benchmarks shift, and every situation is different, so please take qualified professional advice before acting on anything you read here. See the Terms of Use for the full position.

Ready to talk it through?

Book a free 30 minute conversation. No pitch, no pressure, just a useful chat about where AI fits in your business.

Book a conversation

Related reading

two business professionals reviewing documents together at a desk in a naturally lit office

Australian data sovereignty explained for UK business owners

Australian data sovereignty law applies to UK businesses that handle personal data from Australian clients. Here is what it covers, where you will encounter it, and what to do first.

A person sitting at a desk with a laptop open in a tidy office, with neatly arranged papers and a coffee cup nearby

A straightforward way to organise Google Drive at work

A practical folder structure and setup guide for owner-managed UK services firms getting Google Drive properly under control.

Person at a desk reviewing paper documents alongside a laptop in a small office

OCR versus text extraction: what each one is good for

The difference between OCR and text extraction determines whether your document automation saves time or creates new checking work.

If any of this sounds familiar, let's talk.

The next step is a conversation. No pitch, no pressure. Just an honest discussion about where you are and whether I can help.

Book a conversation
AboutBlogBusiness First AIFounder FreedomContactBook a conversation
Privacy PolicyTermsCookie Policy

© 2026 Larocca Consulting Ltd