ICAEW.com works better with JavaScript enabled.

ICAEW's guide to GDPR

The General Data Protection Regulation (GDPR) came into force on 25 May 2018. It applies to everyone trading within the EEA (including UK individuals and organisations). This content is not intended to constitute legal advice. Specific legal advice should be sought before taking or refraining from taking any action in relation to the matters outlined.

In this section

FAQs, helpsheets and guidance

GDPR - Countdown to 25 May 2018

A visual reminder of how to be GDPR compliant, which came into force on 25 May 2018. It gives guidance on how to prepare, protect and review your data.

What does the introduction of GDPR mean for accountants?

These FAQs consider the impact of GDPR and how affects accountants, including what is now included in personal data, how to prove accountability, as well as when and how ‘consent’ can be used as a lawful basis for processing. It explains the new responsibilities of data processors under GDPR as well as the role and responsibilities of data controllers.

Articles and features

Cover story: Ensuring cyber resilience

As cyber security risks continue to expand and evolve at an increasing pace, so cyber resilience becomes critical to an organisation’s ability to operate. George Quigley covers the best approach in four steps: business assessment, governance and oversight, risk management framework and incident response and recovery.

Webinars and videos

Cybercrime and GDPR in the Manufacturing Sector

Dr Jane Berney, Business Law manager at the ICAEW and Professor Jim Gee, Head of the Forensic and Counter Fraud Services Team discuss cybercrime and GDPR in the manufacturing sector

GDPR and cyber security in the manufacturing sector

New and emerging developments of cyber security in the manufacturing sector. Hear from Dr Jane Berney Business Law Manager, ICAEW and Professor Jim Gee, Head of Forensic, cybercrime and counter fraud services, Crowe Clark Whitehill.

Essential update: GDPR and cyber security

This webinar will offer practical advice on GDPR and examine how taking simple steps can reduce the risk of cybercrime against individuals and companies. Hear insights from Dr Jane Berney, Manager, Business Law, ICAEW and Mark Taylor, Technical Manager, ICAEW.

New Funding Regime for the ICO

The government has revised the fee structure which will come into force on 25 May 2018. If you have paid your fee for this year you do not need to do anything but the new fees will apply when you renew. See also ICO guidance on the registration fees for GDPR.

Data Protection Act 2018

The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR) and replaces the Data Protection Act 1998.

What GDPR means for cyber security

Guidance from the National Cyber Security Centre (NCSC) on the introduction of the General Data Protection Regulation (GDPR) and what it means for cyber security.

Article 29 Working Party guidelines

EU level guidance on the General Data Protection Regulation. Produced by the Article 29 Working Party, an independent European advisory body on data protection.