New GoBDs apply from January 1, 2020. The core requirement of the GoBD – the "non-modifiability" of the documentation – must be brought into line with DSGVO-compliant concepts for deletion.
The new "Principles for the Keeping and Storage of Books, Records and Documents in Electronic Form and for Access to Data" ("GoBD"), which have since been "recalled" by the Federal Ministry of Finance ("BMF"), were currently put online again at the end of November 2019 with only little changes. GoBD are to be applied as of January 1, 2020.
The regulations are linked to accounting obligations, e.g. from the German Commercial Code (§§ 238 f., 257 HGB), tax law (§§ 90, 141 ff. AO) or other special laws (§§ 91 ff. AktG, 41 ff. GmbHG, pharmacies regulation, calibration regulation, Banking Act etc.). The GoBD further develop these principles in the IT environment and contain, for example, also implementation regulations for archiving or the digital tax audit.
The regulations apply in principle to all records of tax-relevant data and take into account in particular the use of IT for bookkeeping. Also the e-mail – provided that it fulfils the function of a business letter – or accounting documents in electronic form are in principle subject to retention. Depending on the application, there are, for example, retention periods of 10 years for accounting documents or 6 years for commercial and business letters (including e-mails). In some cases, retention periods may be extended if the documents are of further importance for tax assessment. All this must be taken into account in a GDPR-compliant concept for deletion.
The new version of the GoBD – which replaces the previous version from 2014 – is intended to take account of the advanced digitalisation of companies.
What changes will arise in particular for IT and data protection in companies?
- Comments on the digitisation of documents have been adapted to current developments – in addition to scanning, photographing with a smartphone is now also permitted, provided that the other requirements of the GoBD are met.
- The cloud has been included in the definition of "data processing systems", which can be used for storing and processing documents; however, access to data must also be guaranteed in the cloud.
- The storage of accounting data abroad was still not regulated in detail, but the possibilities for recording and storage on foreign systems (e.g. on central servers abroad) were clarified.
- The new regulation is likely to have a stronger impact on IT systems in that in future, when systems are changed or archiving is outsourced after the 6th calendar year, data will only have to be made available on suitable data carriers after the changeover. It is then no longer necessary as before to grant the digital tax audit direct or indirect access to the original storage media. Finally the tax law is no longer a reason to keep further sorted out systems alive only for examination purposes.
Beside the mentioned changes there are still further, especially accountancy-relevant changes, that do not affect however directly on their IT support or data-protection-relevant processes. In addition now further information was published regarding to data carrier assignment, that are supposed to facilitate in particular smaller and middle-class enterprises the contact with this requirement.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.