ICAEW.com works better with JavaScript enabled.

Data protection and privacy

Data protection and privacy are matters of professional concern to accountants in practice, industry or commerce. Organisations that collect, store or process personal information (personal data) on living and identifiable people (data subjects) must comply with the Data Protection Act 2018 and the General Data Protection Regulation (GDPR). Other relevant data protection and privacy legislation includes the Privacy and Electronic Communications Regulations (PECR), the Freedom of Information Act (FOIA) and the Data Protection (Charges and Information) Regulations 2018. This content is not intended to constitute legal advice. Specific legal advice should be sought before taking or refraining from taking any action in relation to the matters outlined.

In this section

FAQs, helpsheets and guidance

ICAEW Know How: Right to erasure

This guide summarises the general erasure obligations set out in GDPR, the exceptions available under GDPR and the DPA 2018 and provides practical interpretation of these in relation to various example service offerings that may be provided by ICAEW members.

Articles and features

Webinars and recordings

Evaluating the risk of cyber-crime and data breach

Are you doing enough to manage the risk of cyber-crime and data breach in your business? Marsh Commercial will focus on the risk of cyber specifically to small practitioners, and may highlight the gaps in your cover that are leaving your business exposed.

Evaluating the risk of cyber-crime and data breach

Are you doing enough to manage the risk of cyber-crime and data breach in your business? Marsh Commercial will focus on the risk of cyber specifically to small practitioners, and may highlight the gaps in your cover that are leaving your business exposed.

What's your data strategy?

Demystifying data. Before organisations can gain any value from data it is critical to have a clear data strategy that ties into an organisation's overall strategy.

Disclaimer: The opinions expressed by external guest speakers in interviews or other publications included on this website are, by their nature, those of the speaker. They are not necessarily fully endorsed by the ICAEW or purport to reflect the official policies and views of the ICAEW or its members.

Legal Alert is a monthly checklist from Atom Content Marketing highlighting new and pending laws, regulations, codes of practice and rulings that could have an impact on your business. Find out more about Atom Content Marketing

Disclaimer: These publications from Atom Content Marketing are for general guidance only, for businesses in the United Kingdom governed by the laws of England. Atom Content Marketing, expert contributors and ICAEW (as distributor) disclaim all liability for any errors or omissions.

eBooks

The Library & Information Service provides a hand-picked collection of eBooks as a benefit of membership. If you are unable to access an eBook, please see our Help and support or contact library@icaew.com

Personnel records and data protection

This chapter of the handbook looks at what personnel records an organisation should keep, data protection (please note this section has not been updated to reflect the Data Protection Act 2018 /GPPR) and the monitoring of e-mail and telephone calls. A sample e-mail and internet policy is supplied.

EU General Data Protection Regulation (GDPR): A practical guide, The

This handbook offers advice on the practical implementation of GDPR and analyses its impact. The guide examines the scope of GDPR, the organisational and material requirements for data protection, the rights of data subjects, the role of the Supervisory Authorities, enforcement and fines under the GDPR, and differences between EU jurisdictions.

Terms of use: You are permitted to access, download, copy, or print out content from eBooks for your own research or study only, subject to the terms of use set by our suppliers and any restrictions imposed by individual publishers. Please see individual supplier pages for full terms of use.

The Library & Information Service provides a hand-picked collection of industry press articles as a benefit of membership. If you are unable to access an article, please see our Help and support or contact library@icaew.com

Data classification: what is it and why do you need it

The article explains why data classification is vital to organisations. Topics discussed include tracking of information based on its sensitivity and confidentiality, key elements of a data classification policy, and compliance with regulations such as the General Data Protection Regulation (GDPR). Also mentioned are the basic principles of data management, namely confidentiality, integrity, and access.

High cybersecurity risks demand a proactive defense

The article discusses cybercrime and data breaches, which are considered major threats for accountancy firms. Topics include the increase in incidences of breaches that featured ransomware or extortion since 2018. Some of the major defences that should be considered are also mentioned.

US offers concessions on surveillance and privacy as Privacy Shield successor agreed

The article discusses agreement of data privacy framework allowing transatlantic data transfers. The agreement was made after United States offered concessions on surveillance and new rights of redress for European Union citizens. The Trans-Atlantic Data Privacy Framework promises an end to two years of legal uncertainty for companies relied on privacy shield.

Terms of use: You are permitted to access articles subject to the terms of use set by our suppliers and any restrictions imposed by individual publishers. Please see individual supplier pages for full terms of use.

Useful links

General Data Protection Regulation (GDPR)

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

Guide to the UK General Data Protection Regulation (UK GDPR)

Guide from the ICO explaining the provisions of the UK GDPR and what organisations need to do to comply with its requirements. Includes ‘In brief’ summaries and checklists as well as more detailed content in key areas.

ICAEW accepts no responsibility for the content on any site to which a hypertext link from this site exists. The links are provided ‘as is’ with no warranty, express or implied, for the information provided within them. Please see the full copyright and disclaimer notice.

* Some of the content on this web page was provided by the Chartered Accountants’ Trust for Education and Research, a registered charity, which owns the library and operates it for ICAEW.