Behavioral documentation according to the GoBD – synergies between data protection law and tax law

Here in Germany there are some legal bases or guidelines that require a company to record individual work steps. So z. B. in data protection law, tax law or in quality management. But is there a synergy or overlap in the documentation requirement in this context? We take a closer look at the process documentation according to the GoBD.

Process documentation according to the principles for the proper management and storage of books, records and documents in electronic form as well as for data access (GoBD)

At first glance, one does not suspect any overlap, because there are different laws and different areas in a company. But on closer inspection one finds e.g. states that the procedural documentation according to GoBD 24 and the list of processing activities according to Art. 30 GDPR are very similar.

Despite different priorities, both regulations require a company to record company processes in detail. In order to create a synergy effect here, it makes sense to use our electronic processing activities as a starting point for the tax process documentation.

But there are also overlaps between tax and data protection law in other areas. Tax information as well as personal data must be protected by security measures. And of course this protection must be proven by extensive documentation. The best way to do this is to list the “technical and organizational measures” in accordance with Art. 32 GDPR, which we create in the course of our cooperation.


Our team consisting of lawyers, data protection experts and IT specialists will be happy to help you keep track of legal bases and changes. We can provide you with external data protection officers or train your own specialists. For more information in this context, please contact your data protection team.