ICAEW.com works better with JavaScript enabled.

ICAEW's guide to GDPR

The General Data Protection Regulation (GDPR) came into force on 25 May 2018. It applies to everyone trading within the EEA (including UK individuals and organisations). This content is not intended to constitute legal advice. Specific legal advice should be sought before taking or refraining from taking any action in relation to the matters outlined.

In this section

FAQs, helpsheets and guidance

GDPR - Countdown to 25 May 2018

A visual reminder of how to be GDPR compliant, which came into force on 25 May 2018. It gives guidance on how to prepare, protect and review your data.

What does the introduction of GDPR mean for accountants?

These FAQs consider the impact of GDPR and how affects accountants, including what is now included in personal data, how to prove accountability, as well as when and how ‘consent’ can be used as a lawful basis for processing. It explains the new responsibilities of data processors under GDPR as well as the role and responsibilities of data controllers.

GDPR and pension funds

This guide outlines the issues the General Data Protection Regulation (GDPR) raises for the trustees of pension funds, including their dealings with administrators and auditors. It is part of a series designed to answer the questions that members have been asking about the GDPR.

GDPR for accountants: Consent and Marketing

These FAQs answers the questions on consent and marketing raised by viewers of the Business Law and IT Faculty Webinar ‘GDPR: Your questions answered’, broadcast on 23 January 2018, with answers provided by Jane Berney and Mark Taylor

Articles and features

GDPR update

Whatever stage of GDPR-readiness your organisation has reached, ICAEW has resources that can help you to consolidate and go further, writes Lesley Meall.

Webinars and videos

GDPR and cyber security in the manufacturing sector

New and emerging developments of cyber security in the manufacturing sector. Hear from Dr Jane Berney Business Law Manager, ICAEW and Professor Jim Gee, Head of Forensic, cybercrime and counter fraud services, Crowe Clark Whitehill.

Essential update: GDPR and cyber security

This webinar will offer practical advice on GDPR and examine how taking simple steps can reduce the risk of cybercrime against individuals and companies. Hear insights from Dr Jane Berney, Manager, Business Law, ICAEW and Mark Taylor, Technical Manager, ICAEW.

How to scope an approach to GDPR readiness

In this webinar Stephen Adshead describes how Crowe Clark Whitehill prepared for GDPR. The webinar provides an insight as to Crowe Clark Whitehill educated their employees on GDPR and the steps they took internally to ensure they were ready for this major update of data protection regulations.

The Data Protection Act 2018

The new Data Protection Act 2018 comes into to force on 25 May 2018. It replaces the current Data Protection Act 1998.

New Funding Regime for the ICO

The government has revised the fee structure which will come into force on 25 May 2018. If you have paid your fee for this year you do not need to do anything but the new fees will apply when you renew. See also ICO guidance on the registration fees for GDPR.

What GDPR means for cyber security

Guidance from the National Cyber Security Centre (NCSC) on the introduction of the General Data Protection Regulation (GDPR) and what it means for cyber security.

Article 29 Working Party guidelines

EU level guidance on the General Data Protection Regulation. Produced by the Article 29 Working Party, an independent European advisory body on data protection.