
Data protection and privacy

Data protection and privacy are matters of professional concern to accountants in practice, industry or commerce. Organisations that collect, store or process personal information (personal data) on living and identifiable people (data subjects) must comply with the Data Protection Act 2018 and the General Data Protection Regulation (GDPR). Other relevant data protection and privacy legislation includes the Privacy and Electronic Communications Regulations (PECR), the Freedom of Information Act (FOIA) and the Data Protection (Charges and Information) Regulations 2018.

This content is not intended to constitute legal advice. Specific legal advice should be sought before taking or refraining from taking any action in relation to the matters outlined.

In this section

FAQs, helpsheets and guidance

ICAEW Know How: Right to erasure

This guide summarises the general erasure obligations set out in GDPR, the exceptions available under GDPR and the DPA 2018 and provides practical interpretation of these in relation to various example service offerings that may be provided by ICAEW members.

ICAEW Know-How: Personal data breaches

The Data Protection Act 2018 (DPA 2018) came into force on 25 May 2018 to replace the Data Protection Act 1998. It sits alongside the General Data Protection Regulation (GDPR). This guide is part of a series that explains some of the new or more difficult concepts introduced by the DPA 2018 and the GDPR.

Articles and features

Risks of cognitive technologies

Key risk areas that have arisen from our research include inexplicability, data protection, bias and context, as well as wider automation risks. These areas include both larger-scale strategic risks around adopting cognitive technologies and tactical considerations that may affect specific projects.

Webinars and recordings

Essential update: GDPR and cyber security

This webinar will offer practical advice on GDPR and examine how taking simple steps can reduce the risk of cybercrime against individuals and companies. Hear insights from Dr Jane Berney, Manager, Business Law, ICAEW and Mark Taylor, Technical Manager, ICAEW.

How to scope an approach to GDPR readiness

In this webinar Stephen Adshead describes how Crowe Clark Whitehill prepared for GDPR. The webinar provides an insight into how Crowe Clark Whitehill educated their employees on GDPR and the steps they took internally to ensure they were ready for this major update of data protection regulations.

How can I tell if I'm GDPR compliant?

In this webinar we briefly explore what it means to be compliant with the General Data Protection Regulation. The GDPR is based around a set of key principles and the assertion: 'The protection of natural persons in relation to the processing of personal data is a fundamental right'. This webinar briefly highlights some of the key principles and obligations as they apply to being GDPR compliant.

GDPR issues for auditors

This webinar will provide you with a brief reminder of the requirements of GDPR, the changes to the law and an explanation of the ways GDPR will impact how you carry out your audits and related engagements.

Legal Alert is a monthly checklist from Atom Content Marketing highlighting new and pending laws, regulations, codes of practice and rulings that could have an impact on your business. Find out more about Atom Content Marketing.

Disclaimer: These publications from Atom Content Marketing are for general guidance only, for businesses in the United Kingdom governed by the laws of England. Atom Content Marketing, expert contributors and ICAEW (as distributor) disclaim all liability for any errors or omissions.

eBooks

The Library & Information Service provides a collection of eBooks as a benefit of membership. Please note that ICSA and Credo publications are only available to ICAEW members and ACA students. Please log in to access these titles. If you are unable to access an eBook, please see our Help and support or contact library@icaew.com.

EU General Data Protection Regulation (GDPR): A practical guide, The

This handbook offers advice on the practical implementation of GDPR and analyses its impact. The guide examines the scope of GDPR, the organisational and material requirements for data protection, the rights of data subjects, the role of the Supervisory Authorities, enforcement and fines under the GDPR, and differences between EU jurisdictions.

Terms of use: You are permitted to access, download, copy, or print out content from eBooks for your own research or study only, subject to the terms of use set by our suppliers and any restrictions imposed by individual publishers. Please see individual supplier pages for full terms of use.

The Library & Information Service provides a hand-picked collection of industry press articles as a benefit of membership. If you are unable to access an article, please see our Help and support or contact library@icaew.com.

Tantrums ahead as GDPR enters its terrible twos

Article looks at the success of the General Data Protection Regulation after its first two years and discusses teething problems as well as how best to maintain optimum compliance.

Data protection regulation compliance: whose job is it and is it really possible?

Article looks at GDPR compliance and what the different approaches look like.

How data privacy can be a benefit, not a burden

Article looks at how organisations can profit from data privacy by choosing not to monetise their user data, making this a selling point and saving money on the costs of data collection, data protection and the cost, both financial and reputational, of data breaches.

Terms of use: You are permitted to access articles subject to the terms of use set by our suppliers and any restrictions imposed by individual publishers. Please see individual supplier pages for full terms of use.

Data Protection Act 2018

The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR) and replaces the Data Protection Act 1998.

General Data Protection Regulation (GDPR)

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

Guide to the General Data Protection Regulation (GDPR)

Guide from the ICO explaining the provisions of the GDPR and what organisations need to do to comply with its requirements. Includes ‘In brief’ summaries and checklists as well as more detailed content in key areas.

* Some of the content on this web page was provided by the Chartered Accountants’ Trust for Education and Research, a registered charity, which owns the library and operates it for ICAEW.