Schedule a Call
We are not just accountants, we are business owners. We understand the myriad of pressures on your time.
Our focus is your success through combining the latest technology with traditional values.
One impact of the government’s decision to call an early General Election in June is that large swathes of the proposed legislation in the Budget has been dropped from the Finance Bill to enable the core measures to be passed yesterday. This included the provisions for Making Tax Digital.
Whilst many of the dropped measures, such as the reduction in the Dividend Allowance, are likely to be reinstated after the General Election, the future of Making Tax Digital is less certain.
Treasury Minister, Jane Ellison, stated that the decision to drop Making Tax Digital was made “in light of the pressures on time”.
As there are only a matter of weeks between the General Election and the summer recess and with the government committed to allow the time for a proper consideration of the measure, it seems inconceivable that the Making Tax Digital legislation could return before the Autumn Budget at the earliest.
However, the publication of the letter from Robert Chote, Chairman of the Office for Budget Responsibility, to the Rt Hon Andrew Tyrie MP, Chairman of the Treasury Select Committee, that stated the OBR had given HMRC revenue estimates “a ‘high’ uncertainty ranking”, casts doubt on the future of the project as a whole.
At CooperFaure, we will be monitoring the situation to keep our clients informed. However, if you have any questions or concerns, please email us at firstname.lastname@example.org.
If you would like to read Robert Chote’s letter in full, please click here.
In May 2016, the General Data Protection Regulation (GDPR) was approved by the European Union to come into effect from 25th May 2018.
As a Regulation, it is directly applicable across all EU Member States without the need for national legislation and will replace all current data protection legislation. For the United Kingdom, GDPR will replace the 1998 Data Protection Act.
Despite Article 50 of the Lisbon Treaty finally being invoked in March, there is no doubt that the UK will still be a Member State of the EU on 25th May 2018 so this will happen and the Information Commissioner’s Office (ICO) is proceeding on this basis.
Indeed, although all EU Regulations would void on the date the UK leaves the EU, the early indications are the government would legislate to preserve much or all of GDPR.
In any event the territorial reach aspect of GDPR specifies that a company outside the EU which is “monitoring the behaviour of, or offering goods and services to, citizens in the EU” will be subject to the rules. As a result, many UK businesses and group will still be affected after Brexit whatever the UK government does.
GDPR has six defining principles:
GDPR has greatly broadened the rights of the data subject including the ‘right to be forgotten’ and to receive back their personal data in a structured and standard format so that it can easily be transferred, so called ‘data portability’.
For children under sixteen, GDPR states that the provision of personal data ‘information society services’ such as social networking sites will be subject to parental consent.
It is absolutely clear that this new regime will place much greater demands on businesses holding personal data to evidence compliance.
The concept of ‘data protection by design’ obliges the inclusion of explicit data protection controls at the blueprint stage of new projects involving the processing of personal data. Should the project be deemed potentially high risk under the ICO guidelines, a data protection impact assessment would be mandatory.
Internal records must be maintained for all personal data processed including the details of the purpose, the recipients, the time line for deletion and an overview of the technical and organisational measures in place to protect the data.
However, the most dramatic change is in the area of security breaches and the ensuing penalties. Under the Data Protection Act, there is no requirement to inform the ICO of a breach although there is an expectation for the ICO to be informed of “serious” breaches.
GDPR requires that, as soon as a company becomes aware a personal data breach has occurred, it should without delay and, ideally within seventy-two hours, notify the the ICO, unless the company can clearly demonstrate that the breach is unlikely to jeopardize the rights and freedoms of the data subjects.
If there is a high likelihood an individual’s rights and freedoms have been infringed by the breach, they must be notified promptly to allow them to take the requisite precautions and given guidance on the measures to take to mitigate potential detrimental effects.
Under the Data Protection Act, the ICO can issue penalties of up to £500,000 for the most serious breaches. GDPR will instigate a tiered mechanism for penalties that for the most severe breaches will be the higher of 4% annual worldwide turnover or €20m and for lesser breaches be up to 2% annual worldwide turnover or €10m.
As is frequently the case, although we are nearly halfway through the time until GDPR comes into force, many, probably most, companies have not started making preparations. Make no mistake, every company that holds personal data will to a greater or lesser extent be impacted.
Whether it is the transparency of your privacy notices and policies, reviewing the legal basis for using personal data, implementing in-house procedures or staff training to meet the requirements of GDPR, there is much to be done.
Data security needs to be at the heart. Systems that hold personal data must be reviewed to ensure that they are fit for purpose and secure from both internal and external breaches. We are in the age of two-step verification which should be the default minimum.
If a breach does occur, it is essential that the procedures are in place and understood to allow timely action.
The ICO have published a guide ‘GDPR: 12 Steps To Take Now’ that can be downloaded here. If you have any questions or would like any further information on how GDPR will affect your business, please email email@example.com.
Today marks the beginning of the new 2017-18 tax year in the United Kingdom with some significant changes coming into effect. For our free, downloadable 2017-18 Tax Guide please click here.