How do the UK’s DAC6 amendments impact foreign lawyers working in the UK?

The UK has amended its DAC6 regulations as a result of the Brexit Free Trade Agreement. Only arrangements meeting the Hallmark D category will require reporting in the UK. This means that EU registered lawyers working in the UK might need to file DAC6 reports in the European Union. 

The EU Directive states that in order to be considered an intermediary, a person shall meet at least one of the following conditions:

(a) be resident for tax purposes in a member state;

(b) have a permanent establishment in a member state through which the services with respect to the arrangement are provided;

(c) be incorporated in, or governed by the laws of, a member state;

(d) be registered with a professional association related to legal, taxation or consultancy services in a member state.

If a lawyer working from the UK office is admitted to the bar in an EU jurisdiction, they would fall under the (d) definition of an intermediary. We are not aware of any changes to the guidance around this definition of intermediary so if you are a UK law firm employing lawyers who are “registered with a professional association related to legal, taxation or consultancy services in a member state” you should be aware of your DAC6 exposure. 

Get in touch with us to see how Omnitrack can help ensure you are completing your reporting requirements.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.