ICAEW.com works better with JavaScript enabled.

Data protection

All businesses that collect, store and use information on living and identifiable people must comply with the Data Protection Act. The articles, guides and links on this page provide further information on the regulations and some of the key issues for firms.

What's on this page?

  • Legal Alert
  • Briefings
  • ICAEW guides and publications
  • Online articles
  • Small Business Update
  • Useful links: legislation, guidance, organisations
  • Articles and books in the Library collection

Contact the Library

Expert help for your enquiries and research.

E  library@icaew.com
T  +44 (0)20 7920 8620
F  +44 (0)20 7920 8621

See also

Legal Alert

Legal Alert is a monthly checklist from Atom Content Marketing highlighting new and pending laws, regulations, codes of practice and rulings that could have an impact on your business.

Showing 3 of 32 items


Directors' Briefings and Start-Up Briefings are four-page guides written for the busy practitioner, director and entrepreneur providing concise, practical advice on core business issues.

Web site and email law


Some people think that the Internet is an unregulated free-for-all, but this is simply not the case.

Disclaimer: These publications from Atom Content Marketing are for general guidance only, for businesses in the United Kingdom governed by the laws of England. Atom Content Marketing, expert contributors and ICAEW (as distributor) disclaim all liability for any errors or omissions.

ICAEW guides and publications

The ICAEW has published a number of guides on data protection and the accounting profession.

Information on the latest developments in this area can be found on the data protection topics page on the ICAEW website.

Online articles

The library provides access to a range of articles in full text from leading business, finance and management journals. Access to articles is provided to logged-in ICAEW members, ACA students and other entitled users subject to suppliers' terms of use.

Data rights and digital wrongs

Digital marketers should be aware of the regulations applying in Great Britain and train their staff accordingly. The article covers key requirements, penalties, and current European Union initiatives in this area.

Tips for choosing the right global cloud infrastructure provider

The top considerations for businesses planning to adopt infrastructure as a service (IaaS) on the cloud.

What to do after a security breach

Just as companies have fire drills, they should practice what they will do when a data breach occurs.

Showing 3 of 5 items

Small Business Update

Small Business Update is a monthly magazine for SMEs with articles covering the latest regulatory developments, practical advice and hot topics.

Customer database


Keeping your customer information accurate and up to date is vital. Failure to do so could result in costly and possibly embarrassing mistakes.

Health information and data protection


The Data Protection Act sets out specific principles for the collection and use of workers' health information. So what health information can you collect and what can you use it for while still respecting their right to privacy?

The Freedom of Information Act


Public bodies now have to release information they hold on you – even to your competitors – unless exemptions apply. These tips will make sure nothing confidential gets into the public domain inadvertently

Showing 3 of 5 items

Useful links

Legislation and regulations

Commission proposes a comprehensive reform of the data protection rules
European Commission news release published on 25 January 2012. Includes links to factsheets on data protection reform, surveys and the proposed legislative texts.

Data Protection Act 1998
Full text of the act that came into force on 1 March 2000. It applies to computerised personal data, and to personal data held in structured manual files.

Data Protection Directive 1995
Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

This is not an exhaustive list of legislation on data protection. The ICAEW Library holds numerous print publications on data protection law and also subscribes to electronic databases with the complete text of UK legislation. For information on accessing these resources, please contact the Library.

Information Commissioner's Office (ICO)

Guide to data protection
Detailed guidance for UK organisations, covering:

  • key definitions of the Data Protection Act
  • data protection principles
  • processing personal data fairly and lawfully
  • the rights of individuals
  • information security

Code of practice on use of CCTV by employers with special reference to CCTV in pubs.

Electronic marketing
Information on how to apply the Privacy and Electronic Communications Regulations, with practical examples and frequently asked questions.

Information for small businesses on the Employment Practices Code with links to the full Code and supplementary guidance.

Small business
A range of guides and information aimed at SMEs, including:

European Commission

Protection of personal data
Comprehensive guide to data protection issues within the EU. Topics include:

  • obligations of data controllers
  • handling complaints
  • protecting personal data
  • data protection bodies
  • legislation

Other organisations

Data protection and your business
Guide from GOV.UK covering issues relevant to organisations, including:

  • managing staff records
  • monitoring staff at work
  • using CCTV

Being monitored at work: workers' rights
Guide from GOV.UK for employees monitored through CCTV, bag searches, email checking and other methods.

Data protection guidance
Guidance from the Ministry of Justice on the application of the Data Protection Act 1998, including:

  • Undertaking privacy impact assessments: The Data Protection Act 1998
  • How data protection affects my business or organisation
  • Jargon buster for data sharing and protection

European document retention guide (PDF 9.18mb/384 pages)
Detailed guide to records management in Europe from De Brauw Blackstone Westbroek. Compares legal requirements for data protection across 16 countries. Published October 2014.

Under cyber attack: EY's global information security survey 2013
Latest edition of EY's annual survey report looking at how organisations are addressing current threats and how businesses can proactively prepare for potential new risks.

Data protection and freedom of information standards
Overview from the British Standards Institution with links to related information, news and publications.

US Department of Commerce Safe Harbor Portal
Comprehensive website supporting the Safe Harbor privacy framework in the US, including an overview, documentation, workbook, a certification form and a safe harbor search service (searchable by state or industry sector).

Articles and books in the Library collection

To find out how you can borrow books from the Library please see our guide to book loans.

You can obtain copies of articles or extracts of books and reports by post, fax or email through our document supply service.

Can't find what you are looking for?

If you're having trouble finding the information you need, ask the Library & Information Service. Contact us by telephone on +44 (0)20 7920 8620, by web chat or by email at library@icaew.com.

ICAEW accepts no responsibility for the content on any site to which a hypertext link from this site exists. The links are provided ‘as is’ with no warranty, express or implied, for the information provided within them. Please see the full copyright and disclaimer notice.