If you're a German business, you need to know about GoBD compliance

Germany, unsurprisingly, has a lengthy law for businesses on how to handle their tax-related documents. If you are running a business in Germany or dealing with the German tax authorities, you need to know about GoBD compliance.

What is GoBD

GoBD is an administrative framework created by the German government to ensure that businesses (registered companies and freelancers) maintain an accurate and verifiable digital record of their tax-related documents and data.

This framework mandates that businesses keep accurate records of their financial activities and be prepared to grant access to tax auditors if the business is audited.

When we say tax-related documents, we are referring to documents that either record or relate to a financial transaction, or justify its initiation and authenticity. Here is a non-exhaustive list of the documents included in the GoBD framework:

• Invoices
• Receipts
• Orders and order confirmations
• Delivery notes
• Employment contracts and salary slips
• Project contracts
• Cash register data

Is GoBD mandatory?

Yes, it is.

As a company or freelancer, you are required to keep an accurate and verifiable record of your financial and tax-related activities.

You must maintain a centralized and organized system to store all documents, even if they are in paper format. If a financial activity occurs without an associated document, you are obliged to create one and record all the necessary information.

What you should do

First, let's be clear about something: GoBD compliance is the responsibility of the taxpayer. You, as a business operating in Germany, are responsible for keeping an accurate record of your documents and data. The software you use will help you with the technical aspects, but ultimately, regardless of the software, compliance is your responsibility.

With this in mind, I will categorize the requirements into two parts. The first category covers requirements that demand your manual action. The second category, although legally still your responsibility, must be implemented in the software you use, whether it's a product or a bespoke application.

Category 1: requirements needing your manual action

These are the manual actions you need to take in your day-to-day operations, regardless of the software or tools you use.

1. You are required to record all business and financial transactions in a “timely manner.” The law is vague about the timeline, but it emphasizes that you should save your documents as soon as possible. In practice, cash-based transactions should be recorded the same day, and other documents should be recorded within 10 days.
2. You must retain all documents for 10 years.
3. You must organize and record all necessary documents in proper order.
4. If scanning a paper document into digital format, the scan must be readable and exactly match the original paper document.
5. The recorded digital files must remain unaltered. You should not compress, resize, or otherwise modify the files before recording.
6. You need to document your internal process. For example, specify the responsibilities of each team member and the workflows you use to ensure completeness of the records.

Category 2: requirements that have to be baked into your software

These are the requirements that must be built into your software. Keep in mind that you remain legally responsible for meeting them.

1. Your documents must be immutable. Once a document is uploaded, your software should not allow it to be changed. If any change is permitted, it must be logged and retained.
2. Your documents cannot be deleted for at least 10 years.
3. While many critical metadata elements should be immutable, user-provided metadata (notes, status, keywords, tags, etc.) may be editable, but every change must be logged and retained.
4. Your software should provide documentation of the IT systems and processes it uses.
5. Your documents must be secure and properly backed up.
6. Your software must provide digital access for the tax authorities if and when they request it.

How Vieolo can help you with your GoBD compliance

Vieolo and all its modules revolve around workspaces. Each workspace is isolated from other workspaces, and each one is used for a single company, person, or group of people. A user can own or be part of multiple workspaces.

For each Vieolo workspace, you can enable its strict auditable mode with a few clicks. Once this mode is activated, you immediately meet all the Category 2 requirements. Please have in mind that the auditable mode is not reversible.

Here is what happens when you activate strict auditable mode:

• Any file uploaded to the Vieolo modules, including ReChive, will not be deletable for 10 years.
• Any user-provided metadata, such as ReChive entries, can be disabled but will not be deleted.
• Any user-provided metadata, such as ReChive entries, can be edited, but every edit will be logged and retained.
• All data and documents are organized and sorted.
• All data and documents are regularly backed up.
• Upon request, you will have access to the documentation of the IT services and processes we use.
• If audited, you will be able to provide digital access to the auditors, with documents and their metadata intact.
• You have fine-grained control over the permissions and access levels of workspace members to ensure privacy and prevent unwanted actions.