ICAEW.com works better with JavaScript enabled.

Data protection

All organisations that collect, store or process personal information on living and identifiable people must comply with the Data Protection Act 2018. Additional resources can be found on the GDPR (now the Data Protection Act 2018 in the UK) here, icaew.com/gdpr

In this section

Features and articles

The essential guide to GDPR

Despite the step change in the technical environment and the massive increase in personal data that is being created every day, the regulations have not moved on since the 1998 Data Protection Act. The main advice from the information commissioner was to prepare now for the changes that are coming under the new GDPR.

GDPR – Communicating safely with clients

Helpsheet issued by ICAEW’s Technical Advisory Service to help ICAEW members to understand the requirements of the GDPR in relation to communicating safely with clients.

Webinars and recordings

GDPR update

Louise Marshall, solicitor and GDPR expert, provides a quick update on GDPR, highlights any pertinent case law and points out pitfalls that businesses need to avoid to ensure GDPR compliance.

Cybercrime and GDPR in the Manufacturing Sector

Dr Jane Berney, Business Law manager at the ICAEW and Professor Jim Gee, Head of the Forensic and Counter Fraud Services Team discuss cybercrime and GDPR in the manufacturing sector

Legal Alert is a monthly checklist from Atom Content Marketing highlighting new and pending laws, regulations, codes of practice and rulings that could have an impact on your business. Find out more about Atom Content Marketing

Case law: Data protection exemption for ‘journalistic activities’ is wider than just professional journalists’ activities

Individuals who secretly film and post videos on YouTube and similar sites may be able to rely on an exemption for ‘journalistic activities’ to justify what would otherwise be a breach of data protection rules. This follows a new, wider definition of the exemption put forward in a recent Court of Justice of the European Union ruling.

Disclaimer: These publications from Atom Content Marketing are for general guidance only, for businesses in the United Kingdom governed by the laws of England. Atom Content Marketing, expert contributors and ICAEW (as distributor) disclaim all liability for any errors or omissions.


The Library & Information Service provides a collection of eBooks as a benefit of membership. Please note that ICSA and Credo publications are only available to ICAEW members and ACA students.  Please log in to access these titles. If you are unable to access an eBook, please see our Help and support or contact library@icaew.com.

EU General Data Protection Regulation (GDPR): A practical guide, The

This handbook offers advice on the practical implementation of GDPR and analyses its impact. The guide examines the scope of GDPR, the organisational and material requirements for data protection, the rights of data subjects, the role of the Supervisory Authorities, enforcement and fines under the GDPR, and differences between EU jurisdictions.

Terms of use: You are permitted to access, download, copy, or print out content from eBooks for your own research or study only, subject to the terms of use set by our suppliers and any restrictions imposed by individual publishers. Please see individual supplier pages for full terms of use.

The Library & Information Service provides a hand-picked collection of industry press articles as a benefit of membership. If you are unable to access an article, please see our Help and support or contact library@icaew.com

Journey to GDPR: are we nearly there yet?

Article reports on the progress made so far, with not as many heavy fines being levied as expected, since the implementation of the General Data Protection Regulation in May 2018.

Cloud compliance in the age of GDPR

The article offers information on the businesses that are among Europe’s leading adopters of cloud storage and computing. The ongoing process of cloud compliance is looked at, including auditing internal processes and framework standard for GDPR ISO 27001 and ISO 27018 are mentioned.

Brexit implications for data protection

The article focuses on the implications of Brexit for data protection issues in the UK. It highlights the implications of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018

Terms of use: You are permitted to access articles subject to the terms of use set by our suppliers and any restrictions imposed by individual publishers. Please see individual supplier pages for full terms of use.

* Some of the content on this web page was provided by the Chartered Accountants’ Trust for Education and Research, a registered charity, which owns the library and operates it for ICAEW.