GDPR governance · compliance event management · tamper-evident evidence

You don’t need a lawyer to prove you did the work.

GDPRLedger governs your GDPR baseline — and responds when real things happen. Build your evidence record task by task. When a data breach, DSAR, new supplier, or regulatory enquiry arrives, the platform opens an event workspace, guides the response, generates the documents, and adds it to your evidence pack. Automatically.

  • Foundation: £99
  • Standard: £229
  • Pro: £699
  • Tamper-evident pack: SHA-256

How it works

Two tracks. One evidence record.

GDPRLedger doesn’t do the work for you — it governs the proof that you did it. Build your baseline through the programme. Handle what happens next through events. Both tracks produce evidence that goes into the same pack.

Track 1 — Build your baseline

01. Assessment

Answer 42 questions about your organisation. GDPRLedger maps your obligations and sequences the programme accordingly. No two programmes look the same.

02. Guided tasks

Each task shows the statutory requirement in plain English, a checklist of what your evidence must include, an illustrative example, and a Document Generator to produce a first draft tailored to your organisation.

03. Generate & confirm documents

The Document Generator produces a draft from your organisation context. You review, edit, and confirm. A dated, signed PDF is auto-attached to your evidence pack. You are the author — GDPRLedger governs the record.

04. Export your evidence pack

A SHA-256 tamper-evident export captures every task completed, document uploaded, and decision recorded — with timestamps. Yours permanently, regardless of your renewal status.

Track 2 — Handle what happens next

01. Something happens

A DSAR arrives. A breach is discovered. A new supplier is engaged. A staff member joins or leaves. A regulator makes an enquiry. These are compliance events — and they happen whether or not your programme is complete.

02. Declare the event

Select the event type. Answer a short set of questions. GDPRLedger opens an event workspace, assigns a reference number, and starts any applicable deadline clock: 72 hours for a breach, 30 days for a DSAR.

03. Follow the guided response

The platform generates the required documents, tracks the steps, and keeps the audit trail. Handling a real DSAR automatically completes the DSAR procedure task in your programme. Real events count as evidence.

04. Evidence added automatically

Every event response is logged, timestamped, and added to your evidence pack alongside your programme tasks. A regulator asking “how did you handle this?” gets a documented, dated answer.

Not legal advice · Governance activity record only · Practitioner review recommended for complex situations

Compliance event management

Your programme doesn’t stop when it’s complete.
Neither does ours.

Things happen in the life of every business. GDPRLedger handles them in a governed, documented way from day one — without waiting for the programme to finish.

  • 🚨 Data breach: 72-hour ICO deadline · Breach Assessment · Art.33(3) notification draft · ICO submission record
  • 📬 Subject access request: 30-day clock · Response log · Exemption assessment · Third-party redaction record
  • 🔗 New data processor: DPA checklist · Art.28(3) agreement · Processor register entry
  • 🌍 International transfer: Transfer mechanism check · TRA · Adequacy or IDTA record
  • 👤 Staff joiner: Employee privacy notice · Training record · Access provisioning log
  • 🚪 Staff leaver: Access revocation · Data handling confirmation · Departure record
  • 📅 Annual review: Programme re-validation · Legislative change check · Evidence pack refresh
  • ⚖️ Regulatory enquiry: Evidence pack export · Response log · Correspondence record

💡 Events are active from day one on Standard and Pro
You don’t need to complete the programme before declaring an event. A DSAR that arrives on your first day is handled immediately — and handling it automatically completes the relevant programme tasks.
76 event triggers · 25 situation cards · Standard & Pro

Standard vs Pro

Standard governs a business.
Pro governs a data custodian.

Professional services firms don’t just hold their own data — they hold their clients’ data and sensitive AML records with statutory retention obligations that actively conflict with GDPR. That’s a categorically different compliance posture.

Standard · General business organisations

You are a data controller

You determine the purposes and means of processing your own operational data — customer records, staff data, marketing, suppliers. GDPR’s full framework applies in its general form.

  • Regulatory pressure: ICO enforcement, fines, reputational risk
  • Primary obligation: comply with EU/UK GDPR for your own data
  • Evidence audience: ICO, internal governance, customers
  • Events: DSAR, breach, new processor, staff changes, annual review
54 tasks · 76 event triggers · £229 one-off · £149/yr renewal

Pro · Regulated professional services

You are a controller, a processor, and a regulated entity

You control your own data, process your clients’ data as their processor, and operate under MLR 2017 / POCA 2002 which impose AML obligations that directly conflict with GDPR’s erasure and storage limitation principles.

  • Regulatory pressure: supervisory authority + HMRC + NCA + professional body
  • Primary obligation: GDPR + MLR 2017 + POCA 2002 simultaneously
  • Evidence audience: regulator, clients, ICAEW/ACCA/SRA, tenders
  • Events: all Standard events plus AML destruction triggers & client lifecycle
87 tasks · dual-framework events · £699 one-off · £349/yr renewal

Evidence packs

Standard: one pack. Pro: two.

The second pack is a client-shareable governance summary for onboarding, due diligence, and tender support. Both packs are yours permanently — regardless of your renewal status.

✓  Standard governance pack
  • 📄 GDPR_Governance_Activity_Record.pdf · Signed
  • 📋 Article_30_ROPA.pdf · Timestamped
  • 🔒 Lawful_Basis_Register.pdf · Evidence
  • 🧾 Breach_Response_Plan.pdf · Evidence
  • 📂 Compliance_Event_Log.pdf · Events
  • 🔏 SHA256_Integrity_Manifest.txt · Tamper-evident

✓  Pro processor governance pack (additional pack)
  • 📜 Data_Processing_Agreements_Register.pdf · Art.28
  • 📋 AML_GDPR_Conflict_Resolution_Record.pdf · MLR 2017
  • 📄 Regulatory_Obligations_Matrix.pdf · HMRC · NCA
  • 📜 Pro_Governance_Activity_Record.pdf · MLRO sign-off

“We don’t do the work. We govern the proof the work was done.”
GovProtocol · GDPRLedger
Full comparison

Everything, side by side

Feature · Foundation · Standard · Pro

Programme scope
  • Governed compliance tasks: Foundation 10–12 · Standard 54 · Pro 87
  • Three-layer task guidance (Statutory · checklist · illustrative example)
  • Sector-specific task extensions (AML, tipping-off, client lifecycle, DPO, multi-client): Pro only

Document generation
  • Document Generator (Tailored draft from org context · review, edit & confirm · PDF auto-attached)
  • Inclusion checklist confirmation (User-verified element checklist · responsibility on the organisation)

Compliance event management
  • Event workspace (76 triggers · 25 situation cards · reference number · deadline tracking)
  • Breach response — 72-hour ICO deadline management
  • DSAR workflow — 30-day deadline, exemption assessment
  • Dual-framework events — GDPR + MLR 2017 (AML client lifecycle, STR/DSAR conflict, destruction triggers): Pro only

Evidence & outputs
  • Timestamped, tamper-evident evidence pack
  • Evidence pack access — permanent, regardless of renewal
  • Client-shareable processor governance pack (For tenders, procurement, client due diligence): Pro only
  • Regulatory obligations matrix (HMRC, NCA, ICO, professional bodies): Pro only

Access & renewal
  • Initial programme access: Foundation Permanent · Standard 90 days · Pro 120 days
  • Annual renewal — keeps event workspace live (Legislative alerts · document refresh · programme re-validation): Foundation £99/yr · Standard £149/yr · Pro £349/yr
  • Annual re-attestation — structured programme (AML destruction triggers, DPO review, regulatory matrix update): Pro only
  • Partner programme — refer clients, earn commission: Pro only

Pricing · Launchpad

Build your evidence record.
Govern it when it matters.

Pay once to build your baseline. Annual renewal keeps your event workspace live and your programme current. Your evidence pack is yours permanently — regardless of renewal status.

Foundation

GDPRLedger

Sole traders, freelancers, micro businesses

£99 one-off
Permanent access · no time limit · evidence pack yours forever
Optional annual update — keeps programme current
£99/year
  • 10–12 governed tasks (profile-dependent)
  • Document Generator — tailored first drafts
  • Inclusion checklist confirmation
  • Tamper-evident evidence pack — permanently yours
  • Event management workflows
  • Breach response & DSAR workspace
Professional Services
Pro

GDPRLedger Pro

AML-regulated accountancy and legal firms

£699 one-off
120-day access · both packs yours forever
Annual renewal — incl. AML re-attestation cycle
£349/year
  • 87 governed tasks (54 Standard + 33 sector)
  • AML/GDPR retention conflict workflow
  • Tipping-off × DSAR procedure
  • Client-shareable processor governance pack
  • Dual-framework event management
  • Annual re-attestation — AML destruction triggers
  • Partner programme — 20–25% commission
One-off purchase · Evidence pack yours forever · Annual renewal optional for Foundation, required for Standard & Pro event management · Powered by GovProtocol

Accountant or compliance advisor?

Complete GDPRLedger Pro for your own firm — then refer your SME clients to Standard and earn 20–25% commission on every purchase and renewal. You’re already in the room when the compliance conversation happens. Your governance record becomes your referral credential.

Guides & resources

UK GDPR compliance guides

Plain-English guides to GDPR obligations, derived from UK GDPR (DPA 2018 / DUAA 2025) and ICO guidance. EU GDPR guides also available.

Questions

Common questions

Which tier do I need?
Foundation is for sole traders, freelancers, and micro businesses that need a documented governance baseline without complex supplier relationships or staff data. Standard is for SMEs with customers, staff, a website, or suppliers — and any organisation that needs to respond to DSARs, breaches, or other compliance events in a governed, documented way. Pro is for AML-regulated professional services firms — accountants, solicitors, and similar — where GDPR obligations intersect with MLR 2017 and POCA 2002.
Can I start with Standard and upgrade to Pro later?
Yes. All 54 Standard tasks and all event records carry forward into Pro unchanged. If you complete Standard and later decide to extend to Pro, your existing evidence is preserved.
Why does Standard need annual renewal?
The one-off purchase gives you your baseline programme and a permanent evidence pack. Annual renewal keeps the event management workspace live — so you can continue to declare and govern compliance events, receive legislative change alerts, and refresh your documents as regulations and your organisation evolve. Without renewal, your account moves to read-only mode and you can still access and download your evidence pack at any time.
Are compliance events available from day one?
Yes. On Standard and Pro, you can declare and govern compliance events immediately — before you have completed a single programme task. A DSAR or breach that arrives on your first day is handled straight away, and the event evidence is added to your record alongside the programme tasks.
What is the Document Generator?
For each task requiring a document, the Document Generator produces a tailored draft based on your organisation profile and assessment answers. You review, edit, and confirm the draft before it becomes part of your evidence pack. GDPRLedger is not the author of your documents — you are. The platform governs the record of what you produced and when.
What is the client-shareable processor governance pack?
A sanitised summary of your firm’s data governance programme, designed to be shared with clients during onboarding, tender processes, and due diligence. It is a governed, timestamped record — not a legal certification of adequacy. Pro only.
Is this legal advice?
No. GDPRLedger is a governance programme tool. It structures the process, collects evidence, and produces a timestamped governance record. It does not determine whether you are compliant and is not a substitute for legal advice. Practitioner review is recommended for complex situations.
Does this cover both UK GDPR and EU GDPR?
Both. The programme is structured around core GDPR obligations which are governed by UK GDPR (Data Protection Act 2018 and DUAA 2025). This page covers the EU version (€ pricing, ICO supervisory framework). See the UK version for UK GDPR / DPA 2018 / DUAA 2025 content and £ pricing.
Policies

Customer policies

Customer service & contact

For questions about your programme, account access, billing, or technical issues, contact us by email. We aim to respond within two business days.

Email: support@gdprledger.com

Refund & dispute policy

GDPRLedger is a digital access product. Because access is granted immediately on payment, we do not offer refunds once your account has been activated and you have accessed the programme.

If a technical issue prevents access, contact us within 14 days. Customers in the EU also have access to the EU Online Dispute Resolution platform.

Renewal & cancellation

The initial purchase is a one-off payment — no subscription is created and nothing recurs automatically. Annual renewal is a separate optional purchase for Foundation, and available for Standard and Pro to keep the event management workspace live.

Renewal is never automatic. Your evidence pack remains accessible permanently regardless of renewal status.

Promotions & launchpad pricing

Prices shown are Launchpad prices — introductory pricing available during the initial launch period. Partner programme commission (20–25%) applies to referred purchases and renewals during the partner’s active agreement period.

Early access

GDPRLedger is coming soon

Join the early access list and be notified when the programme opens. £129 Standard · £449 Pro · One-off payment · No subscription.

No spam. Your email is used only to notify you of programme launch.