Data protection and privacy are matters of professional concern to accountants in practice, industry or commerce.
This page is a brief introduction to the current legislation:
Data protection legislation in the UK changed when the General Data Protection Regulation (GDPR) came into force on 25 May 2018. At the same time the Data Protection Act 2018 (DPA 2018) came into force, replacing the Data Protection Act 1998 (DPA 98).
The GDPR applies to any individual and organisation trading within the EEA that may store or process personal data, irrespective of the size or function of the organisation. For more details on how the GDPR affects members see our Guide to the GDPR.
The DPA 2018 incorporates the GDPR into UK law as well as adding derogations allowed by the GDPR and new requirements covering law enforcement data and national security data.
The DPA 2018:
For more details on what the DPA 2018 will mean for you please see the Information Commissioner’s Office’s (ICO) guide which will be updated on a regular basis.
The Data Protection (Charges and Information) Regulations 2018 introduced a new three-tier fee structure for data controllers, replacing the registration (notification) fee payable under the DPA 98. Under the new rules, any organisation that determines the purpose for which personal data is processed (a controller) must pay a data protection fee unless it is exempt.
See the ICO’s guides on PECR and Direct Marketing for further information on what this means for you.
Under the Freedom of Information Act 2000 (FOIA), public authorities are obliged to publish certain information about their activities, and members of the public are entitled to request information from public authorities. The Act is based on the principle that people have a right to know about the activities of public authorities, unless there is a good reason for them not to.
The FOIA designates a wide range of bodies as public authorities. The Secretary of State, however, may designate as a public authority for the purposes of the FOIA an entity that is providing, under a contract made with a public authority, a service whose provision is a function of that authority. In this case, if a public authority outsources, for example, its internal audit services to a member, then the member could become subject to the FOIA in respect of the outsourced service only (ie the internal audit services in this example).
Further guidance is available from the ICO.
For ICAEW guidance on the implications for members see: