Companies investing in the compliance process of the Brazilian General Data Protection Law (GDPL) may have tax benefits if the Judiciary recognizes that these expenses give right to credits derived from the Federal gross receipt contributions (PIS and COFINS).
It is essential to show that certain investments and expenses are necessary to the company’s activity (and therefore deductible) because of statutory obligations imposed by GDPL.
Recently, there was an unprecedented judicial decision favorable to a taxpayer settling that expenses and investments in data management and privacy give right to tax credits. The rationale behind the decision was that expenses to comply with legal obligations fit the rules to generate tax credits, because they are essential or relevant to the activity.
To put it simply: compliance investments are not a choice, but mandatory because GDPL not only demands it but also provides for sanctions for noncompliance.
It is interesting to highlight that this decision matches the criteria adopted by the “Brazilian IRS” related to environmental obligations – certain green practices are mandatory to some sorts of businesses, in order to fill basic legal requirements for activities with potential environmental impacts. Therefore, related expenses give tax credits because they are essential to some companies to carry out their activities. It seems that this same logic can be extended to the investments to comply with GDPL.
Therefore, this reasoning can support other companies if they choose to file lawsuits in order to allow that expenses to comply with GDPL and even other legal obligations give right to tax credits. In practice, the economic effect is tax saving, because these expanses would be excluded from these social contributions’ calculation basis.