If you are still looking for audit-specific enlightenment on GDPR compliance, read on…
When the General Data Protection Regulation (GDPR) became enforceable on 25 May 2018, many organisations were still looking to the Information Commissioner’s Office (ICO) and professional bodies such as ICAEW for clarification and guidance. It will take some time for practitioners and clients to work through some GDPR challenges, overcome misunderstandings, understand accepted practice and adapt as legal precedents are set. Meanwhile, ICAEW is providing the profession with regular updates and the faculty is providing audit-specific support.
“We’ve tried to make everything we’ve produced as practical as possible, because although the ICO guidance is good and expanding all the time, it is generic,” says Jane Berney, manager, business law, ICAEW. Resources at icaew.com/gdpr include: checklists; webinars; helpsheets with examples of engagement letters (for data controllers and processors); guidance on privacy notices with a template; a Q&A on what GDPR means for accountants; and GDPR guidance for small firms.
In advance of the May deadline, the faculty organised a webinar covering GDPR issues for auditors (and you can watch a recording of this at icaew.com/aafwebinars). Emile Spoor, a GDPR expert from Deloitte, gives a brief general introduction to the GDPR, then his colleague Richard Gillin, an auditor and GDPR expert who is also part of our Technical and Practical Auditing Committee, covers aspects of GDPR compliance that will be of particular interest to auditors.
Find out more
Members of the Audit and Assurance Faculty, International Standards and subscribers to Faculties Online
To read the complete article, subscribe to Faculties Online or join the Audit and Assurance Faculty and get access to this article in full, plus all future publications, events, webinars and services.