HMRC Privacy Notice

Find out about HMRC's data protection policy and procedures.



The Data Protection Act 2018 requires organisations who process personal data to meet certain legal obligations.

These are contained within the Data Protection principles. HMRC is a data controller within the meaning of the act and process large volumes of personal data.

Published 18 May 2010
Last updated 10 September 2019 + show all updates
  1. The 'Automatic Exchange of Information' link under the 'Data sharing' section has been updated to 'Automatic Exchange of Information Privacy Notice'.
  2. Guidance on how we use particularly sensitive personal information, when we may share your personal information with third parties and information about criminal convictions has been updated.
  3. Guidance has been updated about the kind of information we hold about you, situations in which we’ll use your personal information and when we may share your personal information with third parties. Information about transaction monitoring has been added.
  4. The guidance has been updated to show how you can make a complaint to HMRC, and to update the address of HMRC's Data Protection Officer.
  5. This guidance has been updated with information about the new General Data Protection Regulation (GDPR) 2018 and the Data Protection Act (DPA) 2018.
  6. Updated with information about how to make a subject access request.
  7. This guidance has been updated to explain how requests are made.
  8. First published.