ICAEW.com works better with JavaScript enabled.

ICAEW's guide to GDPR

The General Data Protection Regulation (GDPR) came into force on 25 May 2018. It applies to everyone trading within the EEA (including UK individuals and organisations). This content is not intended to constitute legal advice. Specific legal advice should be sought before taking or refraining from taking any action in relation to the matters outlined.

In this section

FAQs, helpsheets and guidance

Articles and features

Cyber risk: genuine threat or overhyped?

Many of you might be tired and weary of hearing about GDPR, data protection and cyber risk. Opt-in, opt-out, updated terms and conditions… the fact that so many businesses have taken different approaches to the way they manage personal data adds to the continuing uncertainty surrounding this area

Webinars and videos

The ABCDs of accountancy and technology

Join ICAEW’s Kirstin Gillon and David Lyford-Smith as they walk you through the essentials of the four major technology trends affecting accountants today: AI, Blockchain, Cybersecurity, and Data.

GDPR update

Louise Marshall, solicitor and GDPR expert, provides a quick update on GDPR, highlights any pertinent case law and points out pitfalls that businesses need to avoid to ensure GDPR compliance.

Cybercrime and GDPR in the Manufacturing Sector

Dr Jane Berney, Business Law manager at the ICAEW and Professor Jim Gee, Head of the Forensic and Counter Fraud Services Team discuss cybercrime and GDPR in the manufacturing sector

New Funding Regime for the ICO

The government has revised the fee structure which will come into force on 25 May 2018. If you have paid your fee for this year you do not need to do anything but the new fees will apply when you renew. See also ICO guidance on the registration fees for GDPR.

Data Protection Act 2018

The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR) and replaces the Data Protection Act 1998.

What GDPR means for cyber security

Guidance from the National Cyber Security Centre (NCSC) on the introduction of the General Data Protection Regulation (GDPR) and what it means for cyber security.

Article 29 Working Party guidelines

EU level guidance on the General Data Protection Regulation. Produced by the Article 29 Working Party, an independent European advisory body on data protection.