TaxCalc's approach to GDPR

Article ID: 2832
Last updated: 31 Oct, 2019

What is GDPR

GDPR stands for General Data Protection Regulation. The GDPR effectively replaced the Data Protection Act (1998) as of 25 May 2018.

The GDPR sets out guidelines for managing personally identifiable information. It applies to data ‘controllers’ and ‘processors’ and is entirely based on ‘principles’ not ‘rules’ - aspiring to a set of broad goals and standards, rather than specific adherence to stipulated laws.

What is a Data Controller?

A data controller determines the purposes and means of processing data. It is also often the collector of the data from the data subject.

What is a Data Processor?

A data processor is responsible for processing personal data on behalf of a data controller.

Within this article we will cover the instances in which TaxCalc is:

There is another Knowledge Base article where TaxCalc is the data processor in relation to our CloudConnect Service.

GDPR Data Controller Compliance

TaxCalc is the data controller in terms of the information we hold for your account with us. This complies with the GDPR regulations as set out by the ICO (Information Commissioner's Office). We have reviewed all personal data within our systems to ensure we only collect and process relevant data and have identified the lawful basis for doing so. Please refer to our Information Security Policy and Privacy Policy for more details.

Consent management is a crucial area for TaxCalc. We have reviewed our process for consent management so that it complies with the GDPR and have implemented changes to the registration process and account management.

All of TaxCalc’s existing policies, internal and external, have been reviewed and will continue to be reviewed.

Although there is no requirement to appoint a Data Protection Officer, TaxCalc has had one for many years. Currently, Ian Belcher (TaxCalc's Chief Information Officer) fulfils this role and the Compliance team are leading the ongoing changes for GDPR.

Data Processor Compliance

Many of the actions mentioned in the Data Controller section apply here as well. Data audit is one of the core areas. The same information management mapping is applied to processed data as to controlled data.

Further notes

For further information on GDPR regulations, please refer to the ICO website. They are the regulators and provide detailed information and guidance on the GDPR.

The GDPR does not stop on 25 May 2018. We continuously review our processes and documentation to keep up to date and remain compliant with all areas of regulation, but especially data protection. We are dedicated to ensuring your personal data is kept as safe and secure as possible at all times.

Revision: 2