Short HMRC Privacy Notice
Read about HMRC's data protection policy and procedures.
This is a short summary version of the full HMRC Privacy Notice.
The purpose of collecting your data
HMRC protects your personal data in line with UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
It acts as a data controller for tax, benefits, valuations, compliance, and related services.
Why we use your data
We use your data to:
- collect taxes
- administer benefits
- prevent fraud
- provide services
Legal basis includes:
- compliance with law
- public interest tasks
- crime prevention
- legitimate interests
What data we collect
We collect:
- personal data including your name, contact information, National Insurance number, income, employment, property
- sensitive data including biometric data, health data and criminal records where relevant
How we collect your data
We collect data:
- directly from you, including your tax returns, registrations and calls
- from third parties, including employers, banks and other authorities
How we share your data
HMRC share your data:
- only where it is legally permitted or required to do so in accordance with our statutory duty of confidentiality and in compliance with the data protection legislation
- with other government departments, public authorities, law enforcement, overseas tax bodies and accredited researchers
Sometimes this data is transferred outside the UK with safeguards.
How we use Artificial Intelligence (AI)
HMRC uses AI for tax collection and fraud prevention, ensuring transparency, human oversight, and compliance.
Security and retention — how we protect your data
To protect your data:
- we follow strict government security standards
- staff and trusted partners are trained to handle data safely
- we restrict access to only those who need it
- we use technical and organisational measures to keep your data secure
- we have procedures for dealing with data breaches
Read about scam‑prevention.
We will only keep your data as long as necessary, then anonymised or delete it.
Your rights
Under UK GDPR and the Data Protection Act 2018, you have the right to:
- access your personal data
- correct inaccurate or incomplete data
- request deletion where there’s no legal reason to keep it
- object to processing or ask us to restrict it in certain cases
- challenge automated decisions and request a human review
These rights may be limited where necessary for tax collection or crime prevention.
Data protection contact and complaints
Read about how to contact HMRC or make a complaint if you want to complain:
- about how HMRC has handled your personal information
- to the Information Commissioners Office