Knowledge Base
Knowledgebase Support HMRC Useful links
Knowledgebase home
Tax Return Production
Accounts Production
Practice Management
VAT Filer
Anti-Money Laundering
Support home
Video Training Guides

Hot Topics
SimpleStep Guides
Release Notes
Known Issues

Service Status
Useful Links
MTD for Agents MTD for Businesses What is MTD
Agent Services Account
MTD for Income Tax
Digital Record Keeping
Quarterly Updates
Step-by-step Guide
HMRC's MTD Timeline
TaxCalc's MTD Journey

GDPR Centre

The GDPR compliance solution for accountants in practice.

£131 per year

Buy Now

Like all businesses, every accountancy practice should comply to the latest
GDPR recommendations issued by the Information Commissioner’s Office (ICO).

This means documenting your firm’s personal data policies and procedures to demonstrate your compliance and responding quickly and effectively if you have a Data Breach or a Data Subject Access Request.

With GDPR Centre we’ve used our award-winning product design and practice know-how to create a compliance solution that helps you navigate the complexities of GDPR and stay on top of your obligations.


As you’d expect from TaxCalc, you’ll find many thoughtful features including:

  • Links to Practice Manager for Data Subject Access Requests and to track actions against specific client data
  • Easy-to-understand, jargon-free language
  • Explanations of technical terms, with reference to official guidelines and advice
  • Pre-populated sections with scenarios specific to practices to save you time form-filling from scratch
  • Plus, the ever popular, tried and trusted
    • SimpleStep® workflow to guide you as you go
    • Check & Finish intelligent validation tool to cross-check your entries

GDPR features baked in

Use GDPR Centre to:

  • Record Data Breaches – and help prevent them happening again
  • Fulfil, track and file Data Subject Access Requests
  • Create comprehensive checklists of your GDPR-compliant policies and procedures
  • Log the appointment, training and actions of your nominated Data Protection Officer
  • Carry out annual reviews of your data processes
  • Record what kinds of personal data you hold (and why)
  • Create risk scenarios to test how your firm will react to a variety of situations
  • Record any international data organisations you work with

Other ways TaxCalc helps you stay on top of GDPR

  • Consent management in Practice Manager – helps you keep track, manage and report on the consent to specific types of communications channel for each client
  • Updated engagement letters for GDPR Compliance in the Mail Merge section of Practice Manager
  • PDF Encryption add-on module for Tax Return and Accounts Production

Like what you see?

To talk to us about your practice software needs. Call our Sales Team today on:

0345 5190 883

Lines are open Monday to Thursday 9.30am - 5.00pm and 9am - 5pm Friday, excluding UK Bank holidays.

Help is always on hand

We aim to make our software as easy to use as possible but for those times when you need us, you can be sure we're there. Our support is unlimited and provided at no extra charge.

And in January, when our customers need us the most, we extend our support capacity and hours more than anyone else. Our established team have both academic and practical accountancy experience, so you know that whatever your problem, we can find a solution.

We’re all going to have to change how we think about data protection… On a basic level, your jobs involve handling personal data – payroll info, employee details, people’s expenditures. It’s your responsibility to keep that information secure and ensure that individuals’ rights are respected, with the risk of enforcement action and damaging publicity for your company if you get that wrong.

Elizabeth Denham, Information Commissioner on GDPR at an ICAEW lecture, 17 January 2017

TaxCalc GDPR Centre will help you manage and demonstrate your firm’s compliance under GDPR and stay in control, now and always.

Process Checklists

The GDPR requires that you have certain data protection processes in place in your practice, such as how you manage data records or your policy for holding data on children. These processes need to properly documented, followed and reviewed regularly. We’ve made it easy to record and update all ICO-recommended processes with our Process Checklists feature.

Data Activity Registers

This area in GDPR Centre helps you keep track of all your firm’s personal data activities in easily actionable sections. Since we know the working life of accountancy practices inside-out, we can save you considerable time by providing a number of pre-populated registers for the kinds of activities you undertake.

Risk Assessments

Preventing a data breach, mishandled data or any other form of non-compliance is much easier than dealing with the consequences. Conducting thorough and comprehensive risk assessments could also mitigate a fine if a risk scenario comes to pass. This area of GDPR Centre allows you to identify scenarios that carry a risk, record the potential impact of each risk and define your plan of action if such a scenario arises.

Example scenarios for you to assess in relation to your specific practice are provided to help you get going.

Data Subject Access Requests

This is a request made by, or on behalf of, an individual to see the information you hold on them. The request does not have to be in any particular format. You have to respond to this request within one month of receipt. If you receive a Data Subject Access Request, you can use GDPR Centre to easily retrieve client data already stored in Client Hub in order to respond quickly and easily, then track progress and ongoing activity, recording the whole process as you go.

Data Breach Register

If personal data is lost, destroyed, corrupted or inappropriately disclosed, you need to act promptly, logging the Data Breach and reporting it within 72 hours to the ICO when necessary and feasible, recording key details and actions taken. In GDPR Centre, recording and managing a Data Breach is a straightforward process. You can link the breach to tasks and monitor progress and resolutions.

System requirements:

An internet connection is needed in order to license your product and to file online to HMRC.

Minimum screen resolution: 1024 × 768

Server installation:

  • One of the following versions of Windows:
    • Microsoft Windows Server 2016
    • Microsoft Windows Server 2012
    • Microsoft Windows Server 2008
    • Microsoft Windows 10
    • Microsoft Windows 8.1
    • Microsoft Windows 8
    • Microsoft Windows 7
  • Appropriate hardware to run the above operating system
  • Adobe Reader version 9.0 or higher
  • Microsoft Office 2010 (for export to Word and Excel)

Standalone/client installation:


  • One of the following versions of Windows:
    • Microsoft Windows 10
    • Microsoft Windows 8.1
    • Microsoft Windows 8
    • Microsoft Windows 7
  • Appropriate hardware to run the above operating system
  • Adobe Reader version 9.0 or higher
  • Microsoft Office 2010 (for export to Word and Excel)


  • Intel Macintosh running Mac OS 10.12 (Sierra) or higher
  • Microsoft Office 2010 (for export to Word and Excel)


  • 64 bit kernel 3.10 (or higher), Debian (e.g. Ubuntu) or Redhat distributions
  • GUI
  • Office productivity software (for Word and Excel exports)

GDPR Centre in action

Along with GDPR consent management and contact administration features baked into TaxCalc Client Hub, you can use GDPR Centre to:

Log the appointment, training and actions of your nominated Data Protection Officer.

Record what kinds of personal data you hold (and why).

Track and file Data Subject Access Requests.

Create scenarios to test how your firm will react to a variety of situations.

Register data breaches - and help prevent them happening again.

Record any international data organisations you work with.

Frequently asked questions

The questions below provide immediate answers to many aspects of TaxCalc GDPR Centre.
If you have any further questions, please call 0345 5190 882 or email

What is GDPR Centre?

TaxCalc GDPR Centre is essentially a series of questionnaires and areas for you to populate and keep your practice fully compliant to the latest GDPR recommendations issued by the Information Commissioner’s Office (ICO).

TaxCalc GDPR Centre doesn’t just help you get compliant, it helps you stay compliant. Once set up, TaxCalc GDPR Centre will enable you to carry out annual compliance reviews. So, if ever you were audited – or some form of non-compliance such as a data breach or a complaint prompted an investigation - you can demonstrate that you’ve acted responsibly and compliantly over time.

How can TaxCalc GDPR Centre help my practice keep track of how personal data is processed and stored?

Under GDPR it’s vital you keep a record of how you use all personal data across your business. Whether it’s prospecting for new clients, engaging and managing existing clients, recruiting staff, taking care of HR issues, payroll and more, you need to have it covered.

The Data Activity Registers area in TaxCalc GDPR Centre helps you keep track of all your personal data activities in easily actionable sections. Simply click on the drop down menu and choose from one of ten key areas relating to personal data in your business and describe the activity.

You can always add new activity registers if you need. To keep you compliant, we will provide updated templates for you to follow and add to as you go along.

How do I keep track of Data Subject Access Requests (DSARs) I receive?

If you hold information on an individual or individuals and they ask to see that data, you have to share it with them – and also record their request and the actions you’ve taken to respond. The Data Subject Access Request (DSAR) area in TaxCalc GDPR Centre allows you to log DSARs and report relevant information, such as the originator, time and nature of the request. You can also assign the DSAR to someone else in your business to action and create tasks to track progress, ensuring that your response is timely.

How does TaxCalc GDPR Centre help with data breaches and management reporting?

Safeguarding information is of paramount importance to every organisation, large and small. A data breach can be anything from a lost memory stick or a misplaced password to a full-blown data hack. When a potential data breach occurs, you must assess the breach and determine the likelihood and severity of the risk to individuals rights and freedoms. If it is likely that there is a risk then you must notify the ICO within 72 hours of becoming aware of the breach. You will also need to detail the nature of the breach, its impact, how it happened, who’s affected and the steps you’ve taken to mitigate and resolve the issue. However, if you decide you don't need to report the breach, you also need to document your reasons.

In GDPR Centre, logging any data breach is a straightforward process. In the Data Breach area, simply complete the relevant fields to document all relevant aspects and actions. You can assign tasks, monitor progress and resolutions, print and share management reports and link the breach to a Risk Assessment if necessary.

Can the software help analyse the risk to personal data held by my firm?

If you could prevent a data breach - or the personal data you hold being compromised in any way - you would. Identifying potential risks and completing a risk assessment makes absolute business sense.

The Risk Assessments area of TaxCalc GDPR Centre allows you to identify processes that carry a risk as well as any unplanned scenarios that might occur. You can record the potential impact of each risk and define your plan of action if such a scenario arises.

Complying to GDPR means it’s down to you to spot possible risk scenarios and plan your actions in their event. To get you started, TaxCalc will provide a number templates that you can complete. Having risks documented heightens general awareness, care and demonstrates your willing adoption of GDPR practices.

I hear that there are data protection assurance checklists I can follow to stay in line with ICO guidelines. What are the process checklists and what will they do?

As part of its regulatory practice, the ICO issues a series of data protection assurance checklists. These cover a number of key areas of data compliance and help you review and take action where it matters most. Currently there are seven checklists covering everything from Information Security to Direct Marketing to usage of CCTV footage.

As guidance evolves, the ICO will continually update their checklists. But don’t worry about having to seek them out. When we release updates to TaxCalc GDPR Centre, we will provide you with the latest ICO checklists ad the actions you need to take. This makes it easy for you to demonstrate your ongoing commitment to the latest compliance recommendations.

What are the penalties for failing to comply with GDPR?

Potentially pretty serious! Penalties can fall into two classifications, a Higher Maximum or a Standard Maximum. The severity of the breach will determine the level of the fine imposed within each classification:

  • Higher Maximum fines can apply to any failure to comply to the data protection principles, any rights an individual may have or in relation to any transfers of data to third countries. The maximum fine a company will face is 4% of their annual global turnover, or €20 million, whichever is the highest.
  • Standard Maximum fines apply to the other provisions of the GDPR such as the administrative requirements. The maximum fine a company will face is 2% of annual global turnover, or €10 million, whichever is the highest.

Do I have to buy the software every year?

Yes. GDPR is not a one-time process. Continuous assessments and reviews are required and any changes to processed data or procedures that you perform must be updated and documented. You will also need to keep registers of subject access requests and breach notifications. Also, should the GDPR receive any amendments going forward, we will update the software to include the changes.

The ICO has stated that they will continuously update their GDPR guidance in line with any legal decisions made as the interpretations of the legislation become more apparent. Because the ICO’s guidance will change – not to mention the fact that we’re always improving our software – TaxCalc GDPR Centre will always be updated.

So to remain compliant you’ll need the latest software every year.

Choose your TaxCalc

Please select from the options below to build your TaxCalc GDPR Centre order.
GDPR Centre£131.00
Maintain GDPR registers and record any data breach and client's subject access requests

VAT will be calculated in the next step.