“GDPR tax credit” fraud, from the people behind Green Jellyfish

R&D tax fraud outfit Green Jellyfish is part of a complex group of companies. Two of those companies, Macadam & Grant and Toucan Blue, promote “GDPR tax credits”. There is no such thing. It’s plain tax fraud.

Update: there have now been arrests. Comments on this post are closed.

We wrote last year about firms advertising that they’d help businesses claim “GDPR tax relief”.

The idea is that the Information Commissioner is very scary, and can slap large fines on businesses who breach GDPR, you might suffer massive damages. So it’s only prudent to amend your accounts for last year to put a reserve in place – reducing your profits and resulting in a tax refund.

But that’s wrong in three different ways. Only on rare occasions would accounting principles actually permit such a reserve – the liability has to be “probable”. Very few businesses ever suffer material fines or damages as a result of data privacy breaches.¹FRS 102 says a company can only recognise a provision if the liability is “probable” and can be “estimated reliably” Civil damages awards are rare and usually small. The really big liabilities would be fines or punitive damages – but (aside from being unlikely) they’re not tax-deductible.²A GDPR fine or punitive damages claim is non-deductible for corporation tax purposes, even if it reached by way of settlement. Damages paid out in a civil claim that compensate for actual loss (as opposed to punitive damages) may be deductible, but such claims are unlikely (and the figures would for most companies be small).³Even if you manage to book a reserve and get a deduction, you still fail, because reserves created primarily for a tax benefit aren’t deductible anyway (and neither are the adviser’s fees). A tax tribunal recently used that principle to deny a business a tax benefit from a reserve created for unfunded pension liabilities – which were much more real than these fictional GDPR liabilities. And a reserve isn’t a “credit” – a credit is forever, but a reserve will be reversed over time.

A junior accountant would spot these issues in five minutes. In fact, one did – Yisroel Sulzbacher originally brought this to our attention.

So “GDPR tax credits” are just a fraud. We weren’t the first to warn people about them.⁴We’d missed the Forbes Dawson and Justin Bryant pieces when we wrote our first article; full credit to them for spotting the issue. It’s since been widely reported, with a Computer Weekly running a report, and many other tax advisers writing warnings.

Macadam & Grant

The product

One of the companies promoting the GDPR tax relief scam was Macadam & Grant:⁵The website is down. Their X/Twitter and LinkedIn accounts are defunct, but still there.

The launch of this product was seen as a big success by those running this business:⁶This is from an Impact Group internal communication sent to us by a source.

And here’s Daniel Robinson, CEO of the Impact Business Partnership Group⁷There are many companies/groups called “Impact” – please be wary about drawing conclusions about any similarly named company, unless it operates from Rose Lane in Norwich that owns Green Jellyfish and Macadam & Grant. Robinson says (at 1:40 in the video): “we also tested Macadam & Grant, which is our GDPR tax relief scheme business, which we’re currently taking to market at full scale during Q1 [2024]”:⁸Video kindly provided to us by a source, and authenticity confirmed with other sources.

It’s jarring to see a bland corporate quarterly results presentation for a fraudulent business. Of course it’s possible that Robinson doesn’t understand that “GDPR tax relief” doesn’t exist. However, we know that employees raised concerns about this “business” with the board and were brushed aside.⁹There appears to have been significantly more internal resistance to their GDPR tax relief business than to their R&D tax relief business. We expect the reason is that some technical knowledge is required to know that their R&D tax relief business was fraudulent; however one Google search reveals the problem with GDPR tax relief. So it seems to us that, at the least, Robinson and the others were reckless

The hard sell

Macadam & Grant operated in exactly the same way as Green Jellyfish. Cold-calls from the BDEs (“business development executives”) and then follow-up emails promising massive tax refunds.

Here’s an example email from Macadam & Grant, forward to us by an outraged tax adviser:¹⁰We have redacted identifying information, but none of the text is changed. This was sent to us before we started investigating Green Jellyfish, and we only belatedly made the connection.

Like Green Jellyfish’s R&D claims, the figures bear no relation to reality. The idea any company, other than the very largest, faces six figure GDPR fines/damages is laughable. But this is worse than Green Jellyfish – at least R&D tax relief is real. Macadam & Grant was promoting a tax relief that doesn’t exist. This email was fraudulent on its face.

Macadam & Grant is legally owned by Daniel Robinson. The chart above, compiled by Paul Rosser, shows how the group stood earlier this year. You can see the details on the archived version of their website, before they scrubbed it.

A former employee, Dennis Heleteli, wrote on LinkedIn here about his shock that the company was promoting tax relief that doesn’t exist. We believe his report is credible. Another source told us that, after the publicity about GDPR tax credits, the business was moved to a new company, Toucan Blue.

That source was correct.

Toucan Blue

Here’s a promotional video posted by Toucan Blue on LinkedIn. They avoid the term “GDPR tax credits” and talk about “data security relief”, but it’s clearly the same fraudulent product:

And a website:

Toucan Blue appears to have sold other tax products – we are highly suspicious of how genuine those products are.

Toucan Blue is registered to the same address as Macadam & Grant and the other Impact/Green Jellyfish companies. It was owned by Daniel Robinson until June this year. Between then and 27 August 2024, the sole director, and sole “person with significant control”¹¹It’s unclear why, as no Companies House documents show Ms Duncombe holding any shares; possibly there is a trust arrangement behind the scenes? was Trudi Duncombe. Ms Duncombe ceased to be a director on 27 August, two days after we published this article, but is still listed as a PSC.

Who else is flogging this scam?

There are other companies flogging this. We believe all are fraudulent, including:

• TPI Claims Company Ltd
• Citadel Claims Ltd
• Corporation Tax Rebates Ltd
• Osborne Knights¹²Possibly defunct; the website’s security certificate is out of date. Not to be confused with the reputable and unrelated Osborn Knight Solicitors

However there are significantly fewer people pushing this than when we first wrote on the subject – many of the companies we listed then have taken down or amended their websites.¹³None responded to us last year when we wrote asking how they justified advertising a relief that did not exist. We’ve written to the four above. We found a few others, but the websites appeared to be broken/abandoned – the above four appear live.

Green Jellyfish’s response

We wrote to Daniel Robinson on 22 August, and said that we believed these companies’ GDPR relief claims were fraudulent.

We received no substantive response, but the Toucan Blue website was taken offline shortly afterwards.

The Impact Group

Most R&D tax fraud is carried out by individuals or small companies. It’s very unusual to see a reasonably sophisticated group of companies (the Impact Group) involved in something like this. To see them involved in another unrelated fraud suggests a systemic problem with the group.

We hope there is a criminal investigation of all involved.

Many thanks to Paul Rosser for the chart, to M for the tip-off about Macadam & Grant, and to the current and former Impact Group employees who’ve bravely spoken to us.

And thanks to Yisroel Sulzbacher for the original tip about the non-existent relief.

Comments are now closed for legal reasons. Our apologies.

• 1
  FRS 102 says a company can only recognise a provision if the liability is “probable” and can be “estimated reliably”
• 2
  A GDPR fine or punitive damages claim is non-deductible for corporation tax purposes, even if it reached by way of settlement. Damages paid out in a civil claim that compensate for actual loss (as opposed to punitive damages) may be deductible, but such claims are unlikely (and the figures would for most companies be small).
• 3
  Even if you manage to book a reserve and get a deduction, you still fail, because reserves created primarily for a tax benefit aren’t deductible anyway (and neither are the adviser’s fees). A tax tribunal recently used that principle to deny a business a tax benefit from a reserve created for unfunded pension liabilities – which were much more real than these fictional GDPR liabilities.
• 4
  We’d missed the Forbes Dawson and Justin Bryant pieces when we wrote our first article; full credit to them for spotting the issue.
• 5
  The website is down. Their X/Twitter and LinkedIn accounts are defunct, but still there.
• 6
  This is from an Impact Group internal communication sent to us by a source.
• 7
  There are many companies/groups called “Impact” – please be wary about drawing conclusions about any similarly named company, unless it operates from Rose Lane in Norwich
• 8
  Video kindly provided to us by a source, and authenticity confirmed with other sources.
• 9
  There appears to have been significantly more internal resistance to their GDPR tax relief business than to their R&D tax relief business. We expect the reason is that some technical knowledge is required to know that their R&D tax relief business was fraudulent; however one Google search reveals the problem with GDPR tax relief.
• 10
  We have redacted identifying information, but none of the text is changed. This was sent to us before we started investigating Green Jellyfish, and we only belatedly made the connection.
• 11
  It’s unclear why, as no Companies House documents show Ms Duncombe holding any shares; possibly there is a trust arrangement behind the scenes?
• 12
  Possibly defunct; the website’s security certificate is out of date. Not to be confused with the reputable and unrelated Osborn Knight Solicitors
• 13
  None responded to us last year when we wrote asking how they justified advertising a relief that did not exist. We’ve written to the four above. We found a few others, but the websites appeared to be broken/abandoned – the above four appear live.