HMRC Warning: You can’t claim tax deductions for future penalties for GDPR breaches
Business owners cannot lawfully claim tax deductions for potential breaches of the General Data Protection Regulation (GDPR) and are likely to be challenged if they attempt to.
HMRC has issued a clear warning to the business community after it found that some were incorrectly using provisions under the GDPR to reduce their liability for corporation tax, and/or to claim a GDPR tax credit or payment to which they were not entitled.
The wording used by HMRC suggests businesses have been targeted by tax agents with what’s essentially a scam: there is no provision to claim GDPR corporation tax relief.
All businesses are required to comply with their obligations under the GDPR and other data protection laws. Penalties may be levied by the Information Commissioners’ Office in the event of a breach.
What is permitted?
Any allowance expenses created must comply with generally accepted accounting practice (GAAP). FRS 102 says it’s only possible to recognise a provision where certain conditions are met. HMRC is clear that GDPR provisions do not meet those conditions.
However, agents are said to be relying on the provision to get businesses to claim a deduction in their tax return for a GDPR provision or even by amending earlier tax returns. This is effectively encouraging ineligible claims.
HMRC has explained how the scam works. Tax agents are, for example, telling the business of the risk level for non-compliance of the GDPR rules and suggest setting aside a sum for a potential financial penalty. They may ask the organisation to include this provision in their accounts for the latest tax return to reduce the corporation tax. They might also suggest amending the previous year’s tax return to include the provision to reduce their profits and generate a tax refund.
So what’s in it for the scammers? HMRC warns that they may charge a fee, sometimes more than 30% of any tax saving or repayment – and may even disappear before HMRC starts asking questions.
HMRC is encouraging anyone who has concerns, including those who have made a potentially incorrect claim, to get in touch and be upfront about what’s happened. If a business has been caught out, contacting HMRC will go along way towards minimising any interest and penalties payable and you’ll avoid any costs of investigation and litigation.
Key takeaway
While many businesses are understandably concerned about their futures liabilities for GDPR breaches, they should not be led to believe they can claim a tax credit for hypothetical financial penalties.
Business must be clear that provisions and related expenses should only be recognised in accordance with relevant GAAP. Anyone attempting to make unlawful claims will be challenged by HMRC and could face additional tax, interest and penalties could follow.
If you would like us to cover an issue in the next NGM Tax Law Newsletter, we would be delighted to hear from you