ICAEW.com works better with JavaScript enabled.

Data protection

The Data Protection Act 2018 and the General Data Protection Regulations came into effect on 25 May 2018. All businesses that collect, store, share and use information on living and identifiable people must comply with the requirements of the new legislation.

The articles, guides and links on this page provide further information on the regulations and some of the key issues for firms.

What's on this page?

  • Legal Alert
  • ICAEW guides and publications
  • Online articles
  • Useful links
  • Articles and books in the Library

General Data Protection Regulation (GDPR)

Find the latest information from ICAEW on the General Data Protection Regulation including guides, FAQs and webinars.

See also

Legal Alert

Legal Alert is a monthly checklist from Atom Content Marketing highlighting new and pending laws, regulations, codes of practice and rulings that could have an impact on your business.

Showing 3 of 44 items

ICAEW guides and publications

The ICAEW has published a number of guides on data protection and the accounting profession.

Information on the latest developments in this area can be found on the data protection topics page on the ICAEW website.

Online articles

The Library provides access to leading business, finance and management journals. These journals are available to logged-in ICAEW members, ACA students and other entitled users subject to suppliers' terms of use.

Does GDPR spoil the blockchain party for everyone?

We've all heard rumours of how blockchain will change our working lives forever, but what happens when its irresistible appeal meets the immovable object of GDPR? Kevin Philips, CEO of IDU finds out.

Don't become a statistic: protecting corporate and personal info in the cloud

The article discusses several ways to protect corporate and personal data in the cloud. These ways include ensuring that the network perimeter is appropriately configured, setting guidelines for staff and upskilling them, and carefully choosing cloud software. It notes that hackers are getting more sophisticated and it can be hard to detect attacks.

How companies turn you into money

The article offers information regarding the use of personal data by various companies that they gathered through certain devices and platform to promote income. It mentions various technologies which gathers user's personal information that were used by certain companies to advertise or discriminate individuals for income which include fingerprinting browsers, mobile web traffic, and software development kits (SDKs).

Showing 3 of 28 items

Useful links

Legislation and regulations

Data Protection Act 2018
The new Data Protection Act 2018 comes into to force on 25 May 2018. It replaces the Data Protection Act 1998. The Information Commissioner's Office (ICO) have provided guidance for organisations on the new act.

Reform of EU data protection rules
Summary of the changes to data protection law in the EU. The new regulation entered into force on 24 May 2016 and applies from 25 May 2018. The site includes factsheets on data protection reform.

This is not an exhaustive list of legislation on data protection. The ICAEW Library holds numerous print publications on data protection law and also subscribes to electronic databases with the complete text of UK legislation. For information on accessing these resources, please contact the Library.

Information Commissioner's Office (ICO)

Guide to the General Data Protection Regulation (GDPR)
Detailed guidance for UK organisations, covering:

  • key definitions
  • principles
  • lawful basis for processing
  • individual rights
  • security

Guide to the General Data Protection Regulation (GDPR)
Guide from the ICO explaining the provisions of the GDPR and what organisations need to do to comply with its requirements. Includes ‘In brief’ summaries and checklists as well as more detailed content in key areas.

What’s new under the GDPR?
More detailed guidance from the ICO for UK organisations on legitimate interests under GDPR

GDPR myths
A series of blog posts from the ICO aiming to bust some of the myths that have developed around General Data Protection Regulation compliance. Topics covered include data breach reporting, new fining powers and the issue of consent.

Code of practice on use of CCTV by employers with special reference to CCTV in pubs.

Electronic marketing
Information on how to apply the Privacy and Electronic Communications Regulations, with practical examples and frequently asked questions.

Small business
A range of guides and information aimed at SMEs.

European Commission

Protection of personal data
Comprehensive guide to data protection issues within the EU. Topics include:

  • obligations of data controllers
  • handling complaints
  • protecting personal data
  • data protection bodies
  • legislation

Article 29 Working Party Guidelines
EU level guidance on the General Data Protection Regulation. Produced by the Article 29 Working Party, an independent European advisory body on data protection.

Other organisations

Data protection and your business
Guide from GOV.UK covering issues relevant to organisations, including:

  • managing staff records
  • monitoring staff at work
  • using CCTV

Being monitored at work: workers' rights
Guide from GOV.UK for employees monitored through CCTV, bag searches, email checking and other methods.

Data protection guidance
Guidance from the Ministry of Justice on the application of the Data Protection Act 1998, including:

  • Undertaking privacy impact assessments: The Data Protection Act 1998
  • How data protection affects my business or organisation
  • Jargon buster for data sharing and protection

Cybersecurity regained: preparing to face cyber attacks. 20th Global Information Security Survey 2017–18
Latest edition of EY's annual survey report looking at how organisations can address current threats and how businesses can proactively prepare for potential new risks.

Data protection and freedom of information standards
Overview from the British Standards Institution with links to related information, news and publications.

US Department of Commerce Safe Harbor Portal
Comprehensive website supporting the Safe Harbor privacy framework in the US, including an overview, documentation, workbook, a certification form and a safe harbor search service (searchable by state or industry sector).

Atom Content Marketing guides

Articles and books in the Library collection

To find out how you can borrow books from the Library please see our guide to book loans.

You can obtain copies of articles or extracts of books and reports by post, fax or email through our document supply service.

Can't find what you are looking for?

If you're having trouble finding the information you need, ask the Library & Information Service. Contact us by telephone on +44 (0)20 7920 8620, by web chat or by email at library@icaew.com.

ICAEW accepts no responsibility for the content on any site to which a hypertext link from this site exists. The links are provided ‘as is’ with no warranty, express or implied, for the information provided within them. Please see the full copyright and disclaimer notice.