Data protection and privacy

Data protection and privacy are matters of professional concern to accountants in practice, industry or commerce. Organisations that collect, store or process personal information (personal data) on living and identifiable people (data subjects) must comply with the Data Protection Act 2018 and the General Data Protection Regulation (GDPR). Other relevant data protection and privacy legislation includes the Privacy and Electronic Communications Regulations (PECR), the Freedom of Information Act (FOIA) and the Data Protection (Charges and Information) Regulations 2018. This content is not intended to constitute legal advice. Specific legal advice should be sought before taking or refraining from taking any action in relation to the matters outlined.

In this section

FAQs, helpsheets and guidance

November 2020 Update: Data protection and Brexit

When the transition period ends on 31 December 2020, the UK will be regarded by the EU as what is known as a ‘third country’. This means UK organisations or individuals cannot assume they can continue to process the personal data of EU data subjects in the same way as now.

Articles and features

Byte size

The cost of data breaches; monetising voice assistants; funding for UK cyber firms; small and wide data for analytics; post-pandemic innovation and growth; and UK streaming habits.

Data Protection now the UK has left the EU: February 2021 Update

The EU Commission has issued a draft decision that the UK will be granted a full adequacy decision, which will enable data flows from the EU/EEA to continue as they did when the UK was in the EU. However, the European Data Protection Board still has to formalise this and will not do so before it has consulted with member states.

Webinars and recordings

What's your data strategy?

Demystifying data. Before organisations can gain any value from data it is critical to have a clear data strategy that ties into an organisation's overall strategy.

GDPR what was all the fuss about?

The GDPR came into force in the UK on May 25 2018. Many organisations put a lot of effort into preparing for that day.

Tech essentials - cyber recovery

Gain practical advice on how to be aware of vulnerabilities and threats, securing your data and recovering from a data breach.

GDPR update

Louise Marshall, solicitor and GDPR expert, provides a quick update on GDPR, highlights any pertinent case law and points out pitfalls that businesses need to avoid to ensure GDPR compliance.

Disclaimer: The opinions expressed by external guest speakers in interviews or other publications included on this website are, by their nature, those of the speaker. They are not necessarily fully endorsed by the ICAEW or purport to reflect the official policies and views of the ICAEW or its members.

Legal Alert is a monthly checklist from Atom Content Marketing highlighting new and pending laws, regulations, codes of practice and rulings that could have an impact on your business.

Legal Alert - October 2021

A monthly checklist from Atom Content Marketing highlighting new and pending laws, regulations, codes of practice and rulings that could have an impact on your business.

New Code: Information Commissioner’s Office Code for providers of online services which children are likely to access goes live

Organisations providing online services to children up to 18, or online services that children are likely to access, should ensure they are now complying with the Age Appropriate Design Code published by the Information Commissioner’s Office (ICO), which took full effect from 2 September 2020.

Disclaimer: These publications from Atom Content Marketing are for general guidance only, for businesses in the United Kingdom governed by the laws of England. Atom Content Marketing, expert contributors and ICAEW (as distributor) disclaim all liability for any errors or omissions.

eBooks

The Library & Information Service provides a hand-picked collection of eBooks as a benefit of membership. If you are unable to access an eBook, please see our Help and support or contact library@icaew.com

Personnel records and data protection

This chapter of the handbook looks at what personnel records an organisation should keep, data protection (please note this section has not been updated to reflect the Data Protection Act 2018/GDPR) and the monitoring of e-mail and telephone calls. A sample e-mail and internet policy is supplied.

EU General Data Protection Regulation (GDPR): A practical guide, The

This handbook offers advice on the practical implementation of GDPR and analyses its impact. The guide examines the scope of GDPR, the organisational and material requirements for data protection, the rights of data subjects, the role of the Supervisory Authorities, enforcement and fines under the GDPR, and differences between EU jurisdictions.

Terms of use: You are permitted to access, download, copy, or print out content from eBooks for your own research or study only, subject to the terms of use set by our suppliers and any restrictions imposed by individual publishers. Please see individual supplier pages for full terms of use.

The Library & Information Service provides a hand-picked collection of industry press articles as a benefit of membership. If you are unable to access an article, please see our Help and support or contact library@icaew.com

Are proposed data protection changes a threat to the privacy of UK citizens?

Article details concerns that the Government plans to liberalise data protection laws and 'open the door to an unstoppable grab of personal and private data.'

EU recognises UK data protection adequacy but warns against divergence

Article reports on the EU granting the UK data adequacy, which allows data-sharing between the EU and UK, and on the EU's warning that this may be revoked if the UK's data protection laws fall out of alignment.

UK taskforce calls for GDPR protections on automated decision-making to be cut

Article discusses the recommendation by the UK’s Taskforce on Innovation, Growth and Regulatory Reform that safeguards against automated decision-making contained in the General Data Protection Regulation be scrapped as they hamper 'much needed progress'.

Terms of use: You are permitted to access articles subject to the terms of use set by our suppliers and any restrictions imposed by individual publishers. Please see individual supplier pages for full terms of use.

Useful links

General Data Protection Regulation (GDPR)

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

Guide to the UK General Data Protection Regulation (UK GDPR)

Guide from the ICO explaining the provisions of the UK GDPR and what organisations need to do to comply with its requirements. Includes ‘In brief’ summaries and checklists as well as more detailed content in key areas.

ICAEW accepts no responsibility for the content on any site to which a hypertext link from this site exists. The links are provided ‘as is’ with no warranty, express or implied, for the information provided within them. Please see the full copyright and disclaimer notice.

* Some of the content on this web page was provided by the Chartered Accountants’ Trust for Education and Research, a registered charity, which owns the library and operates it for ICAEW.