DST56000 - Record Keeping
The responsible member in a DST group has a duty to keep and preserve such records as may be needed to enable it to deliver a correct and complete DST return.
The records which are required include:
- transaction records,
- financial management reports,
- accounting reports
- any other relevant documents or records that were used by the group to deliver their DST return.
The final bullet means records evidencing user location, supporting a methodology for a just and reasonable attribution of revenues between online services or miscellaneous records supporting an operating margin calculation (if the group makes an alternative charge election) would all be covered by the record keeping duty.
Records held by other group entities
The DST return will reflect the Digital Services revenues of the entire group. It’s possible some of the underlying records supporting the group’s self-assessment will originate from other entities in the group, and not the responsible member.
The responsible member should maintain the records it needs to complete its obligation to submit a correct and complete return. However, HMRC recognises some of this information may be maintained in aggregate form and the underlying transaction data may still be held by the members of the group recognising the revenues. HMRC will accept the responsible member has complied with its duty to keep and preserve records providing the responsible member:
- takes appropriate steps to ensure other group entities preserve the records in accordance with the requirements of the legislation
- is able to obtain and present the underlying records to HMRC upon request
Form of the records
The records can be maintained in any form.
How long should the records be kept
Records must be kept until the sixth anniversary of the last day of the accounting period. This will be the case unless a different date is specified by HMRC in a published notice. HMRC may require these records at any time during this time period.
Penalties
The responsible member may be liable to a penalty if it fails to comply with the record keeping duty.
General Data Protection Regulation (GDPR)
DST does not require businesses to collect additional personal data from their customers. HMRC expects businesses to use data that they already hold in order to complete the DST return.
It is possible that businesses may make changes to how they process or retain the personal data they hold on their customers. It is the responsibility of businesses to ensure they have a lawful basis to process the personal data they collect from individuals and comply with GDPR.
HMRC would always encourage businesses to keep their data protection practices under review to ensure that they are compliant with all GDPR. Further information for businesses about their responsibilities under GDPR can be found on the Information Commissioners Office (ICO) website at https://ico.org.uk/