Find out whether you should consider encrypting your data, how encryption works in practice and what types of appropriate technical and organisational measures are common.
Use this checklist to help your organisation to prepare for GDPR.
Find out why Brexit could impact data protection and how you can prepare.
This example password/pass phrase policy could be used by an organisation to help protect client and employee data. It is jointly published by ICAEW's Business Law and IT Faculty.
These FAQs consider the impact of GDPR and how affects accountants, including what is now included in personal data, how to prove accountability, as well as when and how ‘consent’ can be used as a lawful basis for processing. It explains the new responsibilities of data processors under GDPR as well as the role and responsibilities of data controllers.
GDPR came into force on 25 May 2018, and members must ensure they are compliant. Here we offer a concise round-up of the key considerations and provide some helpful links.
ICAEW has developed guidance for practice firms on what to include in engagement letters. This page provides a series of sample wordings to help you draft your own engagement letters.
A visual reminder of how to be GDPR compliant, which came into force on 25 May 2018. It gives guidance on how to prepare, protect and review your data.
FAQs, helpsheets and guidance
Louise Marshall, solicitor and GDPR expert, provides a quick update on GDPR, highlights any pertinent case law and points out pitfalls that businesses need to avoid to ensure GDPR compliance.
Experts answer your questions on data breaches, GDPR security and reporting to charity regulators
This guide provides an overview of the steps that an organisation should consider taking if they are subject to a cyber attack.
Guidance on when and how the personal data of EU and UK data subjects can be transferred to the US pre and post Brexit.
Articles and features
This page presents an overview of instructions and guidance for small practices to prepare for Brexit.
Email scams follow data hacks as surely as night follows day. And the Marriot/Starwood data breach case is just another in a very long line, says Leo Waldock.
The 2018 ICAEW Tax Faculty Conference was chaired by Mary Monfries and Frank Haskew. This article includes commentary from Nigel Holmes (Catax) on R&D tax relief and patent box; John Cassidy (Crowe Clark Whitehill) on HMRC enquiries; and practical points from the Tax Faculty team.
Webinars and videos
Dr Jane Berney, Business Law manager at the ICAEW and Professor Jim Gee, Head of the Forensic and Counter Fraud Services Team discuss cybercrime and GDPR in the manufacturing sector
Louise Marshall explains the rules surrounding GDPR and takes us through five easy steps to ensure compliance.
New and emerging developments of cyber security in the manufacturing sector. Hear from Dr Jane Berney Business Law Manager, ICAEW and Professor Jim Gee, Head of Forensic, cybercrime and counter fraud services, Crowe Clark Whitehill.
This webinar will offer practical advice on GDPR and examine how taking simple steps can reduce the risk of cybercrime against individuals and companies. Hear insights from Dr Jane Berney, Manager, Business Law, ICAEW and Mark Taylor, Technical Manager, ICAEW.
Employers should check if they may still automatically carry out blanket criminal conviction checks lawfully on prospective new employees, now that the General Data Protection Regulations (GDPR) and Data Protection Act 2018 are in force.
Owners of intellectual property (IP) rights such as trade marks are likely to find it harder to obtain details of UK domain name owners allegedly infringing their IP rights from May, because of the General Data Protection Regulation (GDPR).
Employers should identify who will need a Data Privacy Notices (DPN), determine what should be in them, and revisit their processes and procedures and staff training, to ensure the right individuals receive a DPN at the right time, in readiness for the General Data Protection Regulation (GDPR).
The government has revised the fee structure which will come into force on 25 May 2018. If you have paid your fee for this year you do not need to do anything but the new fees will apply when you renew. See also ICO guidance on the registration fees for GDPR.
The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR) and replaces the Data Protection Act 1998.
Guidance from the National Cyber Security Centre (NCSC) on the introduction of the General Data Protection Regulation (GDPR) and what it means for cyber security.
EU level guidance on the General Data Protection Regulation. Produced by the Article 29 Working Party, an independent European advisory body on data protection.