Here are some key points regarding GDPdU data provision:
Access Types: GDPdU defines three types of data access: – Direct Access (Z1): Here, the financial administration directly accesses the company’s IT system. – Indirect Access (Z2): In this method, the data is processed and presented by the company itself, under the supervision of the auditor. – Data Access via Data Carrier Transfer (Z3): In this case, the required data is exported to a data carrier and handed over to the financial administration.
Data Formats: Companies must provide the data in a machine-readable and evaluable format. In practice, this often means providing data in common formats such as CSV or TXT.
Data Integrity: The data provided must be complete and unchanged. This means that the data must be transmitted in its original form, without any manipulations or adjustments.
Documentation: In addition to the actual data, companies must also provide documentation that includes information about the structure of the data and the software used. This facilitates the auditors’ understanding and evaluation of the data.
Duration: The GDPdU requires companies to retain digital records for a period of 10 years and provide them upon request.
Adhering to the GDPdU regulations is of paramount importance for companies in Germany. Violations can lead to fines and additional tax demands. As a result, many companies invest in specialized software solutions or services to ensure they meet the requirements of the GDPdU.