With only two months to go until the GDPR significantly changes the way we process personal data, businesses (especially retailers) need to consider VAT reporting implications.
Whilst it can be tempting to err on the side of caution and delete personal customer data, the regulations are designed to force greater consideration of the need to process data, rather than to deny companies a justifiable right to do so.
Accordance facilitate the submission of data to the tax authority; we don’t take decisions around the data our clients provide and how it is used. They are the data controller. But when reviewing retention policies and the lawful basis to process data, we urge companies not to ignore VAT: some EU tax authorities require the submission of personal data as part of VAT reporting. This includes, but is not limited to, the SAF-T in Poland and the Spesometro in Italy.
Real-time reporting is also likely to expand over the next few years. Whilst there isn’t a consistent approach from EU tax authorities, we’d be surprised if personal data wasn’t required in some instances.