Significant changes to European data protection law come into force from 25th May 2018.
Fawcetts has carried out a review of these regulations and would like to take this opportunity to clarify our role under GDPR in the context or the services we provide to our clients.
Data Controllers and Processors
The GDPR defines a controller and processor as follows:-
- Controller – Article 4(7) defines a controller as ‘the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data’.
- Processor – Article 4(8) defines a processor as ‘the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller’.
Guidance from the Information Commissioners Office (ICO) states that ‘accountants and similar providers of professional services work under a range of professional obligations which oblige them to take responsibility for the personal data they process and in doing so they will always be acting as the data controller’.
Our obligations as a data controller
As independent controllers, we do not propose to amend our contractual arrangements with you at this time. However, in-line with our obligations under GDPR, we are taking steps to ensure that we:
- Process personal data fairly, transparently and on lawful grounds.
- Process personal data only for the purpose for which it was collected.
- Ensure that the personal data is adequate, relevant and limited to what is necessary.
- Implement appropriate technical, organisational and security measures.
- Practice data protection by design and default.
- Ensure personal data is adequately protected if it is transferred to destinations outside the European Economic Area.
- Only share personal data where we need to and have included this information in our Privacy Notice.
- Retain personal data only for as long as is necessary.
- Honour individuals’ rights.
Our updated Terms & Conditions as well as our Privacy Notice will be on our web site before 25th May.
If you have any questions regarding this statement or our personal data handling practices, please contact our Privacy Controller at email@example.com .
Request a callback
A response to a freedom of information request has revealed that HM Revenue & Customs (HMRC) cancelled 270,000 late penalty notices in 2016.
However, this figure was dwarfed by the 610,000 cancellations in 2015 and the 400,000 cancellations in 2014.
The request was made by a partner in a ‘magic circle’ law firm, who was himself issued with a late penalty notice, despite having submitted his tax return in December, ahead of the 31 January deadline.
Despite having filed on time, when HMRC overturned the penalty in March this year, it nevertheless issued a letter, stating “if you file on time we won’t charge penalties”.
While HMRC revealed the number of late penalty notices that were cancelled over the three-year period, it did not disclose how many of these were the consequence of errors on the part of the Revenue, as opposed to the taxpayer having a reasonable excuse for late filing.
A spokesperson for HMRC said: “We don’t want penalties, we just want tax returns. Taxpayers with a reasonable excuse for filing late or who have been taken out of SA do not have to pay penalties. Taxpayers who file on time are not issued with penalties.”