Data security

There are a number of general and basic requirements for how public authorities and private data controllers must handle data. This is stipulated in REGULATION (EU) 2016/679 of the EUROPEAN PARLIAMENT AND THE COUNCIL of 27 April 2016 on the protection of natural persons in the processing of personal data and on the free movement of such data - usually referred to as the GDPR. In addition, public authorities are also subject to a number of requirements in certain safety standards, including ISO 27001.

In developing the system and in the subsequent handling of personal data, the Customs and Tax Administration has taken account of these requirements in accordance with the GDPR or security standards to be complied with by public authorities.

However, the party reporting the data must also ensure that it is always transferred to the Tax Agency in such a way that unauthorised parties cannot gain access to the data. You are responsible for meeting the requirements for secure data handling. The Customs and Tax Administration considers parties subject to a reporting obligation as independent controllers that have the obligations arising from the GDPR. In Article 4(7) of the GDPR, a controller is defined as the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Responsibility of the party subject to a reporting obligation

Parties subject to a reporting obligation according to the Tax Reporting Act/the Danish Act on an Income Register may incur criminal liability in the event of a violation of the reporting rules laid down in the Act.  

This applies, for example, if the party subject to a reporting obligation, with intent or gross negligence:

•    fails to comply with a reporting obligation incumbent on said party according to the reporting rules set out in the Tax Reporting Act/the Danish Act on an Income Register.
•    fails to perform renewed reporting within the deadline or time limit stated by the Customs and Tax Administration 
•    provides incorrect, misleading or incomplete information which results in too low a tax assessment for the taxpayer whom the reported information concerns.

There may also be other examples of a party subject to a reporting obligation incurring criminal liability.

Parties subject to a reporting obligation are responsible for ensuring that the reporting is correct, regardless of whether the reporting is done by employees of the business, or the business has purchased a service from others to perform its reporting obligation.

If the information is not reported correctly and in due time, or if renewed reporting is not done within the stated deadline or time limit, the party subject to a reporting obligation risks incurring a fine.  

The basis is the total number of reports which the party subject to a reporting obligation is to submit. The same fine interval is used for these reports, i.e. from DKK 5,000 to DKK 80,000, as follows:

Amount of fine Number of reports
DKK 5,000 From 1 to 1,000 reports.
DKK 10,000 More than 1,000 to 10,000 reports.

DKK 20,000 More than 10,000 to 100,000 reports.
DKK 40,000 More than 100,000 to 1,000,000 reports.

DKK 80,000 More than 1,000,000 reports.

The criminal provisions are set out in Part 9 of the Tax Reporting Act and Part 10 of the Executive Order on tax declaration and reporting etc. (Skatteindberetningsbekendtgørelsen) and section A.C. (Forskellige oplysningspligter) (Various duties of disclosure) in the Danish-language legal guide.   

Penalty cases for late or insufficient reports or renewed reports will be treated according to the penalty provisions in the Tax Reporting Act.

Obligation to reconcile reported information to financial statements

If your business is required to keep accounting records, the financial statements must be organised in such a way that the reported information can be reconciled to the accounting records. This is stated in section 56(1) of the Tax Reporting Act.

It is important that you reconcile the amounts and check amounts with errors such as double reporting and decimal errors.