
Data protection and privacy

Data protection and privacy are matters of professional concern to accountants in practice, industry or commerce. Organisations that collect, store or process personal information (personal data) on living and identifiable people (data subjects) must comply with the Data Protection Act 2018 and the General Data Protection Regulation (GDPR). Other relevant data protection and privacy legislation includes the Privacy and Electronic Communications Regulations (PECR), the Freedom of Information Act (FOIA) and the Data Protection (Charges and Information) Regulations 2018. This content is not intended to constitute legal advice. Specific legal advice should be sought before taking or refraining from taking any action in relation to the matters outlined.

In this section

FAQs, helpsheets and guidance

November 2020 Update: Data protection and Brexit

When the transition period ends on 31 December 2020, the UK will become what the EU terms a ‘third country’. This means UK organisations or individuals cannot assume they can continue to process the personal data of EU data subjects in the same way as now.

Articles and features

Data Protection now the UK has left the EU: February 2021 Update

The EU Commission has issued a draft decision that the UK will be granted a full adequacy decision, which will enable data flows from the EU/EEA to continue as they did when the UK was in the EU. However, the European Data Protection Board still has to formalise this and will not do so before it has consulted with member states.

Staying safe in cyber space

The results of government consultation on cyber regulation and incentives have recently been published. Kirstin Gillon highlights some key findings.

HMRC to publish furlough claim details

If you are claiming furlough grant monies on behalf of your clients from 1 December 2020 you may wish to make your clients aware that HMRC is required to publish the names of employers and an indicative value of claims in the public domain irrespective of any data protection agreements you may have in place with them.

Webinars and recordings

What's your data strategy?

Demystifying data. Before organisations can gain any value from data it is critical to have a clear data strategy that ties into an organisation's overall strategy.

Tech essentials - cyber recovery

Gain practical advice on how to be aware of vulnerabilities and threats, securing your data and recovering from a data breach.

GDPR update

Louise Marshall, solicitor and GDPR expert, provides a quick update on GDPR, highlights any pertinent case law and points out pitfalls that businesses need to avoid to ensure GDPR compliance.

GDPR and cyber security in the manufacturing sector

New and emerging developments in cyber security in the manufacturing sector. Hear from Dr Jane Berney, Business Law Manager, ICAEW, and Professor Jim Gee, Head of Forensic, cybercrime and counter fraud services, Crowe Clark Whitehill.

Disclaimer: The opinions expressed by external guest speakers in interviews or other publications included on this website are, by their nature, those of the speaker. They are not necessarily fully endorsed by the ICAEW or purport to reflect the official policies and views of the ICAEW or its members.

Legal Alert is a monthly checklist from Atom Content Marketing highlighting new and pending laws, regulations, codes of practice and rulings that could have an impact on your business. Find out more about Atom Content Marketing

New practice: Employers may need access to employees’ private phones, email, social media accounts, etc to satisfy data protection obligations

Employers whose employees are allowed to use their own phones, computers or tablets, private email accounts and messaging services, or personal accounts on social or business media such as Twitter, LinkedIn, WhatsApp or Instagram for work purposes should ensure they are able to require their employees to give them access to personal data held on those phones, accounts etc where this is required to comply with data protection laws.

Disclaimer: These publications from Atom Content Marketing are for general guidance only, for businesses in the United Kingdom governed by the laws of England. Atom Content Marketing, expert contributors and ICAEW (as distributor) disclaim all liability for any errors or omissions.

eBooks

The Library & Information Service provides a hand-picked collection of eBooks as a benefit of membership. If you are unable to access an eBook, please see our Help and support or contact library@icaew.com

Personnel records and data protection

This chapter of the handbook looks at what personnel records an organisation should keep, data protection (please note this section has not been updated to reflect the Data Protection Act 2018/GDPR) and the monitoring of e-mail and telephone calls. A sample e-mail and internet policy is supplied.

EU General Data Protection Regulation (GDPR): A practical guide, The

This handbook offers advice on the practical implementation of GDPR and analyses its impact. The guide examines the scope of GDPR, the organisational and material requirements for data protection, the rights of data subjects, the role of the Supervisory Authorities, enforcement and fines under the GDPR, and differences between EU jurisdictions.

Terms of use: You are permitted to access, download, copy, or print out content from eBooks for your own research or study only, subject to the terms of use set by our suppliers and any restrictions imposed by individual publishers. Please see individual supplier pages for full terms of use.

The Library & Information Service provides a hand-picked collection of industry press articles as a benefit of membership. If you are unable to access an article, please see our Help and support or contact library@icaew.com

EU recognises UK data protection adequacy but warns against divergence

Article reports on the EU granting the UK data adequacy, which allows data-sharing between the EU and UK, and on the EU's warning that this may be revoked if the UK's data protection laws fall out of alignment.

UK taskforce calls for GDPR protections on automated decision-making to be cut

Article discusses the recommendation by the UK’s Taskforce on Innovation, Growth and Regulatory Reform that safeguards against automated decision-making contained in the General Data Protection Regulation be scrapped because they hamper 'much needed progress'.

Industry reflects on 3 years of GDPR

Article assesses how GDPR has weathered the effects of both COVID-19 and Brexit and considers what the coming twelve months may hold for data protection.

Terms of use: You are permitted to access articles subject to the terms of use set by our suppliers and any restrictions imposed by individual publishers. Please see individual supplier pages for full terms of use.

Useful links

General Data Protection Regulation (GDPR)

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

Guide to the UK General Data Protection Regulation (UK GDPR)

Guide from the ICO explaining the provisions of the UK GDPR and what organisations need to do to comply with its requirements. Includes ‘In brief’ summaries and checklists as well as more detailed content in key areas.

ICAEW accepts no responsibility for the content on any site to which a hypertext link from this site exists. The links are provided ‘as is’ with no warranty, express or implied, for the information provided within them. Please see the full copyright and disclaimer notice.

* Some of the content on this web page was provided by the Chartered Accountants’ Trust for Education and Research, a registered charity, which owns the library and operates it for ICAEW.