
Data protection and privacy

Data protection and privacy are matters of professional concern to accountants in practice, industry or commerce. Organisations that collect, store or process personal information (personal data) on living and identifiable people (data subjects) must comply with the Data Protection Act 2018 and the General Data Protection Regulation (GDPR). Other relevant data protection and privacy legislation includes the Privacy and Electronic Communications Regulations (PECR), the Freedom of Information Act (FOIA) and the Data Protection (Charges and Information) Regulations 2018.

This content is not intended to constitute legal advice. Specific legal advice should be sought before taking or refraining from taking any action in relation to the matters outlined.


FAQs, helpsheets and guidance

ICAEW Know How: Right to erasure

This guide summarises the general erasure obligations set out in GDPR, the exceptions available under GDPR and the DPA 2018 and provides practical interpretation of these in relation to various example service offerings that may be provided by ICAEW members.

ICAEW Know-How: Personal data breaches

The Data Protection Act 2018 (DPA 2018) came into force on 25 May 2018 to replace the Data Protection Act 1998. It sits alongside the General Data Protection Regulation (GDPR). This guide is part of a series that explains some of the new or more difficult concepts introduced by the DPA 2018 and the GDPR.

Articles and features

Risks of cognitive technologies

Key risk areas that have arisen from our research include inexplicability, data protection, bias and context, as well as wider automation risks. These areas include both larger-scale strategic risks around adopting cognitive technologies and tactical considerations that may affect specific projects.

Webinars and recordings

Tech essentials - cyber recovery

Gain practical advice on how to be aware of vulnerabilities and threats, securing your data and recovering from a data breach.

Essential update: GDPR and cyber security

This webinar will offer practical advice on GDPR and examine how taking simple steps can reduce the risk of cybercrime against individuals and companies. Hear insights from Dr Jane Berney, Manager, Business Law, ICAEW and Mark Taylor, Technical Manager, ICAEW.

How to scope an approach to GDPR readiness

In this webinar Stephen Adshead describes how Crowe Clark Whitehill prepared for GDPR. The webinar provides an insight into how Crowe Clark Whitehill educated their employees on GDPR and the steps they took internally to ensure they were ready for this major update of data protection regulations.

How can I tell if I'm GDPR compliant?

In this webinar we briefly explore what it means to be compliant with the General Data Protection Regulation. The GDPR is based around a set of key principles and the assertion: 'The protection of natural persons in relation to the processing of personal data is a fundamental right'. This webinar briefly highlights some of the key principles and obligations as they apply to being GDPR compliant.

Legal Alert is a monthly checklist from Atom Content Marketing highlighting new and pending laws, regulations, codes of practice and rulings that could have an impact on your business. Find out more about Atom Content Marketing

Case law: Information Commissioner’s Office publishes code of practice for providers of online services which children are likely to access

Organisations providing online services to children up to 18, or online services that children are likely to access, should consider whether they are complying with a new age appropriate design code of practice published by the Information Commissioner’s Office (ICO).

Disclaimer: These publications from Atom Content Marketing are for general guidance only, for businesses in the United Kingdom governed by the laws of England. Atom Content Marketing, expert contributors and ICAEW (as distributor) disclaim all liability for any errors or omissions.

eBooks

The Library & Information Service provides a collection of eBooks as a benefit of membership. Please note that ICSA and Credo publications are only available to ICAEW members and ACA students. Please log in to access these titles. If you are unable to access an eBook, please see our Help and support or contact library@icaew.com.

Personnel records and data protection

This chapter of the handbook looks at what personnel records an organisation should keep, data protection (please note this section has not been updated to reflect the Data Protection Act 2018/GDPR) and the monitoring of e-mail and telephone calls. A sample e-mail and internet policy is supplied.

Employer's handbook 2017-18

The Employer's Handbook gives guidance for all small- to medium-sized employers in the UK, clearly identifying the legal essentials and best-practice guidelines for effective people management.

EU General Data Protection Regulation (GDPR): A practical guide, The

This handbook offers advice on the practical implementation of GDPR and analyses its impact. The guide examines the scope of GDPR, the organisational and material requirements for data protection, the rights of data subjects, the role of the Supervisory Authorities, enforcement and fines under the GDPR, and differences between EU jurisdictions.

Terms of use: You are permitted to access, download, copy, or print out content from eBooks for your own research or study only, subject to the terms of use set by our suppliers and any restrictions imposed by individual publishers. Please see individual supplier pages for full terms of use.

The Library & Information Service provides a hand-picked collection of industry press articles as a benefit of membership. If you are unable to access an article, please see our Help and support or contact library@icaew.com

GDPR at two: how far have we come?

Article discusses how the changes GDPR brought in have affected business and consumers and what needs to be changed in future.

Tantrums ahead as GDPR enters its terrible twos

Article looks at the success of the General Data Protection Regulations after its first two years and discusses teething problems as well as how best to maintain optimum compliance.

Data protection regulation compliance: whose job is it and is it really possible?

Article looks at GDPR compliance and what the different approaches look like.

Terms of use: You are permitted to access articles subject to the terms of use set by our suppliers and any restrictions imposed by individual publishers. Please see individual supplier pages for full terms of use.

Data Protection Act 2018

The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR) and replaces the Data Protection Act 1998.

General Data Protection Regulation (GDPR)

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

Guide to Privacy and Electronic Communications Regulations

Guidance from the ICO for organisations that wish to send electronic marketing messages (by phone, fax, email or text), use cookies, or provide electronic communication services to the public.

Guide to the General Data Protection Regulation (GDPR)

Guide from the ICO explaining the provisions of the GDPR and what organisations need to do to comply with its requirements. Includes ‘In brief’ summaries and checklists as well as more detailed content in key areas.

* Some of the content on this web page was provided by the Chartered Accountants’ Trust for Education and Research, a registered charity, which owns the library and operates it for ICAEW.