ICAEW.com works better with JavaScript enabled.

Guidance on data protection

Read our FAQs and the latest guidance on Data protection and GDPR.

November 2020 Update: Data protection and Brexit

04-11-2020

When the transition period ends on 31 December 2020, the UK will become what is known as a ‘third country’ by the EU. This means UK organisations or individuals cannot assume they can continue to process the personal data of EU data subjects in the same way as now.

ICAEW Know How: Right to erasure

16-03-2020

This guide summarises the general erasure obligations set out in GDPR, the exceptions available under GDPR and the DPA 2018 and provides practical interpretation of these in relation to various example service offerings that may be provided by ICAEW members.

ICAEW Know-How: Personal data breaches

01-01-2020

The Data Protection Act 2018 (DPA 2018) came into force on 25 May 2018 to replace the Data Protection Act 1998. It sits alongside the General Data Protection Regulation (GDPR). This guide is part of a series that explain some of the new or more difficult concepts introduced by the DPA 2018 and the GDPR.

ICAEW Know-How: Data protection transparency

10-04-2019

This guide summarises the general transparency obligations set out in GDPR, the exceptions available under GDPR and the DPA 2018 and provides practical interpretation of these in relation to various example service offerings that may be provided by ICAEW members.

UK GDPR – Data processor or data controller?

Premium Content: This is exclusive item - please log in or subscribe to view this item.

01-07-2018

Helpsheet issued by ICAEW’s Technical Advisory Service to help ICAEW members to make their own assessment whether they act as a data processor or data controller under the GDPR.

What does the introduction of GDPR mean for accountants?

11-05-2018

These FAQs consider the impact of GDPR and how affects accountants, including what is now included in personal data, how to prove accountability, as well as when and how ‘consent’ can be used as a lawful basis for processing. It explains the new responsibilities of data processors under GDPR as well as the role and responsibilities of data controllers.

GDPR and pension funds

11-05-2018

This guide outlines the issues the General Data Protection Regulation (GDPR) raises for the trustees of pension funds, including their dealings with administrators and auditors. It is part of a series designed to answer the questions that members have been asking about the GDPR.

UK GDPR – Client files

Premium Content: This is exclusive item - please log in or subscribe to view this item.

26-04-2018

Helpsheet issued by ICAEW’s Technical Advisory Service to help ICAEW members to understand the requirements of the GDPR as it relates to client files applied to common situations experienced by a member.

UK GDPR – Data Breaches

Premium Content: This is exclusive item - please log in or subscribe to view this item.

01-04-2018

Technical helpsheet issued to help ICAEW members understand the requirements of the GDPR in relation to a data breach. Detailed guidance is available from the Information Commissioner’s Office (ICO).

UK GDPR – Lawful basis for processing

Premium Content: This is exclusive item - please log in or subscribe to view this item.

01-04-2018

Helpsheet issued by ICAEW’s Technical Advisory Service to help ICAEW members to understand the requirements of the GDPR in relation to lawful basis for processing.

UK GDPR – Data mapping and documentation

Premium Content: This is exclusive item - please log in or subscribe to view this item.

01-04-2018

Helpsheet issued by ICAEW’s Technical Advisory Service to help ICAEW members to understand how data mapping and documentation can assist in meeting the requirements of the GDPR.

UK GDPR – Rights of an individual

Premium Content: This is exclusive item - please log in or subscribe to view this item.

01-04-2018

Helpsheet issued by ICAEW’s Technical Advisory Service to help ICAEW members to understand the requirements of the GDPR in relation to the rights of an individual.

UK GDPR – Communicating safely with clients

Premium Content: This is exclusive item - please log in or subscribe to view this item.

01-04-2018

Helpsheet issued by ICAEW’s Technical Advisory Service to help ICAEW members to understand the requirements of the GDPR in relation to communicating safely with clients.

What to do about GDPR – a checklist

28-02-2018

Go through this checklist to make sure you're ready for the introduction of GDPR. The checklist includes: appointing someone senior to oversee the process, reviewing existing information and cyber security, mapping your data, reviewing contracts with clients, suppliers (anyone who processes your data) and employees, drafting data protection policies and procedures, and training staff.

What is the GDPR?

03-01-2018

These FAQs give accountants an overview of GDPR. It includes questions on how it differs from the current data protection approach, who will have to comply with it and whether Brexit will have an effect. It also explains key terms and concepts, including the accountability principle, the responsibilities of data processors, what a data protection officer is, and issues around data privacy.