GDPR Tax Claims / Creating your GDPR compensation fund

Businesses: Claim tax back for the past 2 years and cut future tax by up to 50% by creating a GDPR tax provision.

(Applies to Sole traders, Partnerships and Ltd companies who have paid over £10,000 in taxes).


Are you at risk?

Does your business do any of the following?

  • Handle or process any personal data? (eg: names, addresses, date of birth, bank or payment details, race or religion, health data, ethnic origin, sexual orientation etc)
  • Hold a database of client details?
  • Process payments online or on card terminals?
  • Run any of your business activities online?
  • Keep client data on computers or memory sticks?
  • Keep paper copies of client data?

If you’ve answered “YES” to any of the above then your businesses at risk, let us help protect your business against the financial impact of potential GDPR claims.

If you have not already done so, you should also register with the Information Commissioner (ICO).


What’s it all about?

Since May 2018, all UK businesses were required to be GDPR compliant if they obtain, store and process personal data. The regulations were put in place to protect against data breaches, but it has left many businesses at risk of claims against them from the ICO (Information Commissioner) and/or private individuals.

However,it is currently estimated that over 75% of UK businesses are still currently not GDPR compliant and are at risk of a regulatory fine or being sued by clients for not keeping their data safe. Most of these businesses even believing that they have taken amicable steps to protect customer data.


The risks to your business

The ICO has the power to fine companies up to 4% of their turnover for data breaches. Over £1 billion in fines have been issued by regulatory bodies since GDPR was introduced. So far, over 37,000 businesses have failed to protect their customers’ data and are liable to be fined.

Nearly half of all UK adults questioned expressed plans to activate their new rights if their personal data had been leaked. It is estimated that average compensation amounts for personal claims can range from £750 to £10,000 per data subject.

Claims of these sizes could potentially close your business; can you afford not to act?


Examples of common Data Protection Breaches:

  • Database hackingaccounts for an estimated 21% of all data breaches
  • Cardskimming and finance attacksPayment hackers and cyber criminals are stealing £190,000 every day
  • Clerical ErrorsEmployee mistakes are so easy, an email to the wrong person could be costly
  • Compromise or loss of personal devicesOne lost USB stick cost Heathrow Airport £120,000 in fines
  • Staff theft of dataYour employees may be financially encouraged to sell your customer data


Learn your GDPR blind spots and protect against future claims.

GDPR fines, penalties and claims for compensation from customers pose a financial risk to your business and as with any risk, accounting provisions can be made to cover these costs. According to the 2006 Companies Act every UK business needs to mitigate risk and make provisions to recognize that risk.

Once a director is made aware of this risk, it is their fiduciary duty to mitigate this risk, and this is where a “GDPR monetary compensation fund or reserve” comes into play.

The benefit of recognizing this risk

As a result of reflecting this risk in your accounts, you may be able to reclaim up to 2 years tax for your “GDPR Compensation Fund” in preparation for such claims by building a provision into your company accounts.  The provision is then adjusted every year going forward to reflect the extent to which the risk has changed.  


If your business has paid more than £10,000 or more in Corporation tax, there is a good chance your claim will be accepted.

How much might we be able to claim?

You may be able to recover past tax or reduce up to 50% of your future tax liabilities by building a GDPR risk provision into your accounts.

How long will it take?

Once your accounts are submitted, claims are usually settled within 6 – 8 weeks.

Our process includes:

  1. Conducting an audit of your current GDPR compliance status.
  2. Reviewing your previous/current tax situation.
  3. Compiling a report to submitted to your accountant to be included into your next accounts.


Reducing your future risks / identifying your GDPR blind spots.

As well as helping businesses to build their own GDPR compensation fund, our team will audit your business as part of the process to ensure that your less obvious GDPR blind spots are identified, and work with you to build a plan to ensure your own business reduces its risks in the future and keep potential claims to a minimum.

Receiving your refund/reduction

Once your claim is completed and your refund issued / provision built into your accounts, you can use the funds as you see fit, but it is strongly advised that you use it to strengthen your data and cyber security and build a compensation pot to safeguard against future risks and claims.


All GDPR claims are taken on a “no win, no fee” basis. Once we know the likely size of your claim, we can clearly set out our fees to be agreed. Our team will be happy to assist you to understand the quantum of your claim.


Unit 116i, North East Business And Innovations Centre
Sunderland, SR5 2TJ
0800 6890459

Please fill in the following form and one of our team will contact you to establish if you have been mis-sold to and what assistance we can offer