GoBD – proper electronic accounting and archiving
Many companies already archive their documents and records electronically. However, there are requirements for the digital storage of relevant data which must be observed. One of these requirements is the principles for the proper management and storage of books, records and documents in electronic form and for data access (GoBD). We explain briefly and concisely the most important facts about the proper accounting and storage of electronic records.
GoBD – what is that actually?
The abbreviation GoBD stands for the principles for the proper management and storage of books, records and documents in electronic form as well as for data access. It is an administrative instruction that was first issued by the Federal Ministry of Finance (BMF) in November 2014 and came into force during the same year. In November 2019, a BMF letter replaced the previous instruction. The ministry published a new version with numerous changes, which has been valid since January 2020. The decree of the tax authorities regulates the obligations for digital storage of tax-relevant data from accounting and business transactions.
To whom do the principles of the GoBD apply? They are mandatory for all companies. This is because the obligation regulated by law is not only binding for companies that have to present accounts, but also for small businesses, freelancers and the self-employed. If employees of the tax authorities find records and documents not recorded in conformity with GoBD during an operational audit, expensive consequences are imminent.
With the introduction of the GoBD, the previously obligatory principles of proper data processing supported accounting systems (GoBS) as well as the principles of data access and verifiability of digital documents (GDPdU) were summarized in an administrative instruction. In the old regulations it was regulated up to now that only enterprises are subject to the tax recording obligation if they also have to keep accounts. Only with the GoBD were other persons and companies included.
What needs to be done to fulfill the GoBD in the company?
The tax authorities demand audit-proof archiving from companies. Audit-proof procedural documentation or accounting means that all data subject to retention are excluded from subsequent processing or manipulation. This is particularly important if the documents are available in electronic form. The GoBD regulates these requirements precisely so that the accounting in the company remains traceable at all times for a tax consultant and the tax office.
Adaptation of the GoBD in 2020
In the new version of the GoBD, which has now been binding since January 2020, several content has been supplemented or made more specific in the wording. The reason for this was the rapid development of digital possibilities in recent years and the new electronic solutions for bookkeeping in companies that came along with it.
Therefore, among other things, it was reworded that cloud systems are now also suitable for the processing and storage of company documents and fulfill the requirements of IT-supported accounting systems. In addition, documents can now also be captured with the photo function of a smartphone and stored in the cloud. In addition, companies are no longer obliged to retain the original paper documents when filing electronically, as long as there is no change in content or important information is lost through conversion. Similarly, access for the tax authorities must not be restricted so that they can carry out their checks properly.
Six rules for tax-compliant accounting
Obligation for procedural documentation
In addition to the principles of tax recording and retention of documents, procedural documentation must be established. It helps to better check electronic accounting and describes the entire organizational and technical process of archiving. The following six steps belong to this process:
Retention periods of electronic documents
The list of electronic documents for which retention periods exist is long. The obligations to keep and not to change documents in IT-supported accounting include these proofs:
These documents must be retained for ten years, while different retention periods apply for other documents, stacked records and business transactions according to the GoBD. The following list gives some examples:
TeamDrive: GoBD-compliant software for document management
With the TeamDrive software, you can manage and archive your data and documents in an audit-proof manner. Our software enables companies to upload business documents to the cloud and store the data in an unalterable format. TeamDrive thus offers the possibility of GoBD-compliant archiving.
With each installation, TeamDrive Systems creates an RSA 2048/3072 key pair for confidential key exchange. All data is AES-256 encrypted before it is uploaded to the cloud. The keys remain with the user. With end-to-end encryption, only the user himself gains access to the unencrypted data.
The user creates a folder in which old documents can also be copied and backdated with the appropriate time of retention. A new version is saved with every change. An indelible audit trail guarantees the traceability of electronic archiving. Thus, our audit trail also replaces the manual process documentation.
For more detailed information, please request our GOBD Whitepaper.Further knowledge on the subject area of the German GOBD
According to the Principles of Proper Accounting (GoBD), data and documents that are to be recognized by the tax authorities for tax evidence must be handled in a special way.
We will explain to you the most important facts about archiving and storing electronic documents.
Further knowledge in the areas of data transfer and data storage
In the beginning, cloud computing was primarily understood to mean the provision of storage volumes via central data centers. Instead of buying storage, you could rent storage flexibly and as needed.
This continues to happen today in varying degrees, but the offering has been expanded to include numerous other interesting services from cloud providers.
A backup is a backup copy of data that can be used to restore data if the original data is damaged, deleted or encrypted.
In the best case scenario, a backup should be stored in a different location than the original data itself - ideally in a cloud. You can find out why this is the case and what this has to do with ransomware attacks here.
With the introduction of the General Data Protection Regulation, DSGVO for short, extended requirements came into effect, especially with regard to personal data protection - including sensitive sanctions for violations of the law.
Read here what effects the GDPR has on you and your company.
The ePrivacy Regulation, which is still a work in progress at the moment, will also be discussed, but will in future formulate binding data protection rules that will apply within the EU.
In the digital age, data protection and data security play an outstanding role.
To ensure that electronic data cannot be viewed by third parties and to prevent data misuse, it must be encrypted. This applies both to their storage and, above all, to their transport via the public Internet.
You can get deeper insights into the topic of encryption here.
Ransomware attacks have increased significantly in recent years. After a successful attack, all data on your computer is encrypted. From this moment on you no longer have any access options. The economic damage to companies is often enormous.
Find out here how you can protect yourself against digital blackmail.
Especially with software that is intended to protect your users' data from unauthorized access by third parties, software and data security must be taken into account and integrated into the entire software life cycle.
You can find out why this is very important and how you as a user benefit from it here.