In the nick of time: EU grants UK data protection adequacy decision
With the 30 June deadline approaching, the EU has agreed an adequacy decision for the UK, allowing the free flow of personal data from the EU to the UK to continue.
Data protection and privacy
Data protection and privacy are matters of professional concern to accountants in practice, industry or commerce. Organisations that collect, store or process personal information (personal data) on living and identifiable people (data subjects) must comply with the Data Protection Act 2018 and the General Data Protection Regulation (GDPR). Other relevant data protection and privacy legislation includes the Privacy and Electronic Communications Regulations (PECR), the Freedom of Information Act (FOIA) and the Data Protection (Charges and Information) Regulations 2018. This content is not intended to constitute legal advice. Specific legal advice should be sought before taking or refraining from taking any action in relation to the matters outlined.
Featured items
In this section
FAQs, helpsheets and guidance
Data protection and Brexit - October 2020 update
October 2020 update on data protection and Brexit – what you need to know and how to prepare your business.
Data Protection and Covid19 - implications for ICAEW members
Updated guidance from the ICO
ICAEW Know How: Right to erasure
This guide summarises the general erasure obligations set out in GDPR, the exceptions available under GDPR and the DPA 2018 and provides practical interpretation of these in relation to various example service offerings that may be provided by ICAEW members.
Articles and features
Your Continuing Professional Development Record
ICAEW are required to monitor the CPD of its members and under Principal Byelaw 56, Continuing professional development (CPD) regulations | ICAEW, you have been selected to present your CPD record for review.
Accountant’s Guide to UK Crypto Tax
Want to understand cryptocurrency tax? Got crypto clients or getting questions about crypto? The theory behind crypto tax is not as cryptic as you might think. That's because most countries use familiar tax law on cryptocurrencies like Bitcoin. In this guide designed for Accountants, we'll take you through the key facts, followed by more in-depth guidance for your country.
Data Subject Access Requests and the comments your clients and employees have the right to see
What is said behind closed doors is no longer necessarily private. In an upcoming webinar, legal experts from Haddletons will share tips on exactly what you are required to show when dealing with a Data Subject Access Requests.
Byte size
The cost of data breaches; monetising voice assistants; funding for UK cyber firms; small and wide data for analytics; post-pandemic innovation and growth; and UK streaming habits.
Webinars and recordings
Data Subject Access Requests – what you need to know
View the recording and accompanying factsheet from our DSAR webinar which took place on 25 May 2022 - a collaboration between ICAEW and Haddletons.
Data Subject Access Requests – what you need to know
View the recording and accompanying factsheet from our DSAR webinar which took place on 25 May 2022 - a collaboration between ICAEW and Haddletons.
Evaluating the risk of cyber-crime and data breach
Are you doing enough to manage the risk of cyber-crime and data breach in your business? Marsh Commercial will focus on the risk of cyber specifically to small practitioners, and may highlight the gaps in your cover that are leaving your business exposed.
What's your data strategy?
Demystifying data. Before organisations can gain any value from data it is critical to have a clear data strategy that ties into an organisation's overall strategy.
Disclaimer: The opinions expressed by external guest speakers in interviews or other publications included on this website are, by their nature, those of the speaker. They are not necessarily fully endorsed by the ICAEW or purport to reflect the official policies and views of the ICAEW or its members.
Legal alert
Legal Alert is a monthly checklist from Atom Content Marketing highlighting new and pending laws, regulations, codes of practice and rulings that could have an impact on your business. Find out more about Atom Content Marketing
New law: Government proposes significant changes to UK data protection laws
Businesses and other organisations are bracing themselves for proposed changes to UK data protection rules, which are currently modelled on the EU’s General Data Protection Regulations (GDPR), now that the UK has left the EU.
New guidance: ICO guidance helps employers ensure compliance with data protection laws as COVID restrictions end
Employers will welcome new guidance from the Information Commissioner's Office (ICO) designed to help them continue to comply with data protection laws now that COVID-19 restrictions have been removed.
New guidance: ICO issues guidance to help organisations handle data protection consequences of ransomware attacks
Businesses and other organisations will welcome guidance from the Information Commissioner’s Office (ICO) ‘Ransomware and data protection compliance’, aimed at helping them comply with their data protection obligations if they are the victim of a ransomware attack.
Disclaimer: These publications from Atom Content Marketing are for general guidance only, for businesses in the United Kingdom governed by the laws of England. Atom Content Marketing, expert contributors and ICAEW (as distributor) disclaim all liability for any errors or omissions.
eBooks
The Library & Information Service provides a hand-picked collection of eBooks as a benefit of membership. If you are unable to access an eBook, please see our Help and support or contact library@icaew.com
Personnel records and data protection
This chapter of the handbook looks at what personnel records an organisation should keep, data protection (please note this section has not been updated to reflect the Data Protection Act 2018 /GPPR) and the monitoring of e-mail and telephone calls. A sample e-mail and internet policy is supplied.
EU General Data Protection Regulation (GDPR): A practical guide, The
This handbook offers advice on the practical implementation of GDPR and analyses its impact. The guide examines the scope of GDPR, the organisational and material requirements for data protection, the rights of data subjects, the role of the Supervisory Authorities, enforcement and fines under the GDPR, and differences between EU jurisdictions.
Terms of use: You are permitted to access, download, copy, or print out content from eBooks for your own research or study only, subject to the terms of use set by our suppliers and any restrictions imposed by individual publishers. Please see individual supplier pages for full terms of use.
Industry press
The Library & Information Service provides a hand-picked collection of industry press articles as a benefit of membership. If you are unable to access an article, please see our Help and support or contact library@icaew.com
ICO criticises government-backed campaign to delay end-to-end encryption
The article reports that the Information Commissioner's Office (ICO) has stepped into the debate over end-to-end encryption (E2EE), warning that delaying its introduction leaves everyone at risk – including children. It mentions that the privacy watchdog said end-to-end encryption plays an important role in safeguarding privacy and online safety, protecting children from abusers, and is crucial for business services.
Cloud storage compliance pitfalls
Article outlines post-Brexit cloud storage compliance issues that could be an issue for organisations. These include the Data Protection Act 2018, the Payment Card Industry Data Security Standard (PCI DSS) and the Network and Information Systems (NIS) Directive.
The critical first step to data security
The article discusses the essential data security strategies that management accountants can use in applying business performance measurement skills in the identification of key performance indicators (KPI) for data security and classification. Topics include the IBM data showing that data breach average cost stood at 4.24 million dollars in 2020, and the importance of data classification as the foundation of data security.
Terms of use: You are permitted to access articles subject to the terms of use set by our suppliers and any restrictions imposed by individual publishers. Please see individual supplier pages for full terms of use.
Useful links
Data Protection Act 2018
The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR) and replaces the Data Protection Act 1998.
General Data Protection Regulation (GDPR)
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
Guide to Privacy and Electronic Communications Regulations
Guidance from the ICO for organisations that wish to send electronic marketing messages (by phone, fax, email or text), use cookies, or provide electronic communication services to the public.
Guide to the UK General Data Protection Regulation (UK GDPR)
Guide from the ICO explaining the provisions of the UK GDPR and what organisations need to do to comply with its requirements. Includes ‘In brief’ summaries and checklists as well as more detailed content in key areas.
ICAEW accepts no responsibility for the content on any site to which a hypertext link from this site exists. The links are provided ‘as is’ with no warranty, express or implied, for the information provided within them. Please see the full copyright and disclaimer notice.