When GDPR came into force in 2018, businesses all over Europe were left in a collective state of anticlimax. Despite all the hype and worry, very few individuals and organisations were actually consciously competent with regards to navigating and complying with the new legislation.
As time went on, however, the headlines began to fill with household brand names receiving significant penalty fines totalling millions of pounds because of lapses in their data protection strategy.
Don’t be fooled. Stock market-listed companies are not the only enterprises to be served up fines as punishment for non-compliance. GDPR will be the next ‘PPI’ or ‘Diesel Emissions’ scandal of our time, and the lawyers are already chasing the corporate ambulances…
We will show you where your vulnerabilities are, and work with HMRC to secure you a notable corporation tax rebate as part of your business’ progression towards compliance.
The instant a GDPR rule is not followed (for example: a Privacy Notice is not given, is defective, or not in the right form) an individual is automatically due a claim for financial compensation. Huge organisations such as Google are being sued for significant sums, because they failed to provide the right kind of notice at the right point in time. Google already lost a similar case back in 2015 - the Court of Appeal was against them, so they took it to the Supreme Court and then confidentially settled before judgement because they knew they would lose; and the financial ramifications would have been significant. The principle and position of this case applies to all businesses. If they have failed to follow even one of the 99 GDPR rules, they have opened themselves to claims from every customer they hold data for. All the customer now needs to do is bring a claim against the business...
By bringing GDPR legal knowledge and accounting principles together, the team at GDPR Defender will look at a business’s GDPR compliance procedures and documents, and then produce a comprehensive report that can identify any shortcomings and financial risks to that business. The report can then be used to add a provision for this risk in the business’s annual accounts.
The standards we have looked at are FRS102 and IAS 37. Which, in short, say: (a) the entity has an obligation at the reporting date as a result of a past event; (b) it is probable (i.e. more likely than not) that the entity will be required to transfer economic benefits in settlement; and (c) the amount of the obligation can be estimated reliably. As we can evidence that these conditions have been met, a provision can be made.
Statistics from the UK Government show that every business is likely to fall victim to some form of data breach in a two year cycle. Under GDPR the business has to self-report and tell its customers, and each customer then has a potential claim. Breaches are a fact of life and carry huge cost for the business. We know many that have been breached multiple times. In the same way that banks provided for claims for PPI mis-selling in their accounts, businesses can provide for claims for GDPR breaches.
The Provision reflects the likely level of claims and costs the business faces because it is not GDPR compliant. In accounting terms it reduces the amount of profit on which you pay tax as a business. It does not reduce the amount of cash in the business, just the amount going out in tax. As the GDPR rules changed in 2018 and because HMRC will allow you to amend the last two years tax returns, we can assist with recovery of tax paid in the last two years.
As with any Provision, it either needs to be realised or reversed. We will assist in planning the reversal of the Provision over a period of time to be agreed with the business or provide strategies to deal with them at the right time for the business.
Although the Provision may cause a negative balance sheet, the business is not insolvent as long as they can pay their bills when they become due. The recovery of the corporation tax and the future reduction in taxable profits means that the cash flow is positively strengthened.
GDPR Defender’s founders have built up a wealth of experience in business consulting over the years. Rich is a Technical Solutions Architect who has worked all over the world on some of the most significant enterprise computing projects around, whilst Jonny has worked with businesses of all shapes and sizes in the tech and manufacturing sectors to drive innovation and revenue growth. Ian is a renowned lawyer and expert advisor on all legal matters relating to GDPR legislation.