GeraCompliance in the UK 2026 — UK GDPR, ICO, DPDI Bill and the EU AI Act Spillover
How GeraCompliance supports UK organisations in 2026: UK GDPR, ICO enforcement, the Data Protection and Digital Information Bill, Online Safety Act duties, and the spillover of the EU AI Act onto UK-based AI vendors serving the EU. Fair £ pricing and honest comparison with OneTrust, DataGuard, and GDPR.EU templates.
Quick answer: GeraCompliance is a privacy, AI-governance and digital-regulation workflow platform. UK organisations use it to manage UK GDPR records of processing (ROPA), ICO registration, data subject access requests (DSARs), the Data Protection and Digital Information Bill's new duties as they come into force, Online Safety Act duty-of-care evidence, and — for UK vendors serving EU customers — EU AI Act conformity assessments. From £49/month for SMEs.
The UK regulatory stack
- UK GDPR & Data Protection Act 2018 — the UK's post-Brexit data-protection regime. Core obligations: lawful basis, ROPA, DPIA for high-risk, DSAR response within one calendar month, 72-hour breach notification to the ICO.
- Information Commissioner's Office (ICO) — the UK supervisory authority. Controllers and most processors register and pay the data-protection fee (from £40 tier 1 to £2,900 tier 3 annually).
- Data Protection and Digital Information (DPDI) Bill — the intended UK reform package. We track its staged implementation and update templates as provisions commence.
- Online Safety Act 2023 — duties of care for user-to-user services and search services. Risk assessments, safety duties, transparency reports. GeraCompliance provides the evidence log.
- PECR (Privacy and Electronic Communications Regulations) — cookie consent, marketing email, CLI rules. Consent management built in.
- EU AI Act spillover — UK vendors placing AI systems on the EU market or whose outputs are used in the EU fall inside the Act. We maintain conformity-assessment templates for high-risk AI systems.
- Sectoral add-ons — CQC for health, FCA Consumer Duty and ICOBS for financial services, Ofcom for broadcasting, ESRS / SECR for reporting.
UK pricing in pounds sterling
- Starter (under 10 staff): £49/month — ROPA, DSAR tracker, policy templates
- Growth (10–100 staff): £199/month — DPIA, breach log, vendor register, training
- Enterprise (100+ staff): bespoke — AI Act conformity, DPO-as-a-service, audit support, SSO
- ICO data-protection fee passthrough: £40/£60/£2,900 depending on tier, passed through at cost; we remit to the ICO
Fair comparison with UK alternatives
- OneTrust — enterprise-grade, breadth of modules, significant annual licence cost.
- DataGuard — privacy and InfoSec-as-a-service with human support, strong UK coverage.
- GDPR.EU templates / ICO templates — free starting points but you must run the processes yourself.
- TrustArc — mature US/EU platform with UK module.
- Keepabl — UK-founded privacy operations platform.
- GeraCompliance — UK-focused, modern UI, AI-Act-ready, low entry price for SMEs.
Real UK use case — a Manchester fintech scaling into the EU
A Manchester-based fintech with 45 staff holds UK GDPR ROPA, ICO registration, and 14 vendors in GeraCompliance. They launch a loan-decisioning model for the EU market, which is a high-risk AI system under the EU AI Act. GeraCompliance walks them through the data-governance, risk-management, transparency, human oversight and post-market monitoring obligations. CE marking completed. Total platform spend: £199/month plus a one-off £2,400 conformity-assessment support fee.
UK coverage and integrations
Integrates with ICO registration, Companies House, HMRC MTD, Cyber Essentials certification, ISO 27001, SOC 2 Type II evidence stores, and Microsoft 365 / Google Workspace audit logs.
Related Gera services for UK compliance teams
- PrivacyGuard — browser privacy extension teams can roll out enterprise-wide
- GeraJobs — hiring with Equality Act, Right-to-Rent, IR35 workflows baked in
- GeraCash — 5AMLD/6AMLD transaction-level record-keeping exports
What we do not do
- Provide legal advice — we give workflows and templates; a UK solicitor advises
- Register you with the ICO on your behalf without your active confirmation
- Guarantee an ICO outcome — only the ICO does that
Next step
Start a 14-day UK trial at geracompliance.com/trial. Your first DSAR can be handled through the platform within 30 minutes of onboarding.