UK DAC6 legislation: HMRC take a more proportionate approach following consultation

Register for our DAC6 email updates

The UK’s final DAC6 legislation was adopted by Parliament on 13 January 2020. Significant amendments have been made to the UK’s legislation based on the feedback from the 11-week consultation phase that the HMRC carried out last summer. The final UK legislation takes a much more proportionate interpretation of the EU Directive than the previous draft. 

Here is a summary of five key amendments you should be aware of:

1. Penalties

HMRC amended the penalty regime to ensure it is proportionate and flexible enough to deter non-compliance while at the same time not penalising cases where genuine mistakes were made.

2. Scope of a “tax advantage”

HMRC have limited the scope of “tax advantage” to only include those taxes that the Directive covers. This was also a measure taken to ensure proportionality.

3. Reporting in multiple jurisdictions

HMRC have amended their rules to ensure an intermediary will not be required to report in more than one jurisdiction.

4. Definition of UK intermediaries

HMRC have amended the legislation to ensure that the definition of a UK intermediary does not include those without a connection to the UK.

5. Legal professional privilege

HMRC have amended the legislation to ensure compatibility with legal professional privilege.

HMRC recognise that additional guidance is required in order to minimise the burdens for businesses. They will be working closely with interested stakeholders to develop relevant guidance that will be published before the regulations come into force on 1 July 2020.

VinciWorks’ DAC6 reporting solution

DAC6 reporting tool gif

VinciWorks’ DAC6 reporting solution allows intermediaries to record all cross-border transactions while guiding them on which transactions require reporting. The centralised reporting portal has been built following lengthy consultations with HMRC and leading international firms and includes a robust API for integrating with a firm’s existing systems. In order to offer a complete DAC6 solution, we have also released DAC6 training which includes an interactive flowchart to help intermediaries understand their reporting requirements.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.