In the nick of time: EU grants UK data protection adequacy decision
With the 30 June deadline approaching, the EU has agreed an adequacy decision for the UK, allowing the free flow of personal data from the EU to the UK to continue.
Data protection and privacy
Data protection and privacy are matters of professional concern to accountants in practice, industry or commerce. Organisations that collect, store or process personal information (personal data) on living and identifiable people (data subjects) must comply with the Data Protection Act 2018 and the General Data Protection Regulation (GDPR). Other relevant data protection and privacy legislation includes the Privacy and Electronic Communications Regulations (PECR), the Freedom of Information Act (FOIA) and the Data Protection (Charges and Information) Regulations 2018. This content is not intended to constitute legal advice. Specific legal advice should be sought before taking or refraining from taking any action in relation to the matters outlined.
Featured items
In this section
FAQs, helpsheets and guidance
Data Protection and Covid19 - implications for ICAEW members
Updated guidance from the ICO
ICAEW Know How: Right to erasure
This guide summarises the general erasure obligations set out in GDPR, the exceptions available under GDPR and the DPA 2018 and provides practical interpretation of these in relation to various example service offerings that may be provided by ICAEW members.
ICAEW Know-How: Personal data breaches
The Data Protection Act 2018 (DPA 2018) came into force on 25 May 2018 to replace the Data Protection Act 1998. It sits alongside the General Data Protection Regulation (GDPR). This guide is part of a series that explain some of the new or more difficult concepts introduced by the DPA 2018 and the GDPR.
Articles and features
ICAEW cyber round-up: April 2023
From the potential dangers posed by ChatGPT to hacking attacks on major organisations, the demand for enhanced cyber security has been at the forefront of many discussions this month.
Opportunities and risks follow ICO call for SME advice
As the Information Commissioner’s Office urges accountants to help SME clients navigate data protection legislation, Matthew Wilkinson-Foster explains the opportunities and risks this presents.
ICO urges accountants to bolster SME data protection compliance
The data protection regulator is calling on accountants to step up in helping their SME clients navigate complex data protection legislation, against a backdrop of further changes to the legislation.
Do you have clients who are designing apps, games and websites or, developing online services?
Rents, energy prices and inflation are all up. Staff shortages are stagnating businesses. It’s a daunting time for UK businesses right now.
Webinars and recordings
Data Subject Access Requests – what you need to know
View the recording and accompanying factsheet from our DSAR webinar which took place on 25 May 2022 - a collaboration between ICAEW and Haddletons.
Evaluating the risk of cyber-crime and data breach
Are you doing enough to manage the risk of cyber-crime and data breach in your business? Marsh Commercial will focus on the risk of cyber specifically to small practitioners, and may highlight the gaps in your cover that are leaving your business exposed.
What's your data strategy?
Demystifying data. Before organisations can gain any value from data it is critical to have a clear data strategy that ties into an organisation's overall strategy.
GDPR what was all the fuss about?
The GDPR came into force in the UK on May 25 2018. Many organisations put a lot of effort into preparing for that day.
Disclaimer: The opinions expressed by external guest speakers in interviews or other publications included on this website are, by their nature, those of the speaker. They are not necessarily fully endorsed by the ICAEW or purport to reflect the official policies and views of the ICAEW or its members.
Legal alert
Legal Alert is a monthly checklist from Atom Content Marketing highlighting new and pending laws, regulations, codes of practice and rulings that could have an impact on your business. Find out more about Atom Content Marketing
New guidance: Information Commissioner’s Office issues new draft guidance for online services children are likely to access
Organisations providing online services that children are likely to access will welcome new draft guidance from the Information Commissioner’s Office (ICO).
New law: Government publishes proposed new UK data protection laws
Businesses are monitoring new draft UK data protection laws intended to reduce data protection burdens on UK organisations.
New guidance: ICO publishes draft guidance on handling workers’ health information
Employers will welcome new guidance from the Information Commissioner’s Office (ICO), the UK's independent body responsible for upholding information rights, on handling personal data about workers’ health.
Disclaimer: These publications from Atom Content Marketing are for general guidance only, for businesses in the United Kingdom governed by the laws of England. Atom Content Marketing, expert contributors and ICAEW (as distributor) disclaim all liability for any errors or omissions.
eBooks
The Library & Information Service provides a hand-picked collection of eBooks as a benefit of membership. If you are unable to access an eBook, please see our Help and support or contact library@icaew.com
The essential guide to data protection when outsourcing
It is often said that data is the new oil – the raw material that drives industry in so many ways. Like all resources, data needs to be used wisely and protected. This guide looks at protecting data when using outsourced services.
The Data Protection Act 1998
This section looks at the definitions in the Act, the rights conferred on data subjects and the data protection principles.
The Bribery Act
eBook by Barry Vitou, Tom Stocker, William Christopher and Stacy Keen (ICSA Publishing Ltd, 2013)
Template steps to take in advance of commencing investigation
Supporting material for the ICSA Solutions eBook 'The Bribery Act' by Barry Vitou, Tom Stocker, William Christopher and Stacy Keen (ICSA Publishing Ltd, 2013)
Taking minutes of meetings
Explains the functions of minutes and how to take them.
Statutory Registers
eBook by Emma de Ronde (ICSA Publishing Ltd, 2013)
Personnel records and data protection
This chapter of the handbook looks at what personnel records an organisation should keep, data protection (please note this section has not been updated to reflect the Data Protection Act 2018 /GPPR) and the monitoring of e-mail and telephone calls. A sample e-mail and internet policy is supplied.
ICSA Non-executive director's handbook
An essential source of reference and route map for the position of Non-executive director. Contains case studies and checklists throughout.
Terms of use: You are permitted to access, download, copy, or print out content from eBooks for your own research or study only, subject to the terms of use set by our suppliers and any restrictions imposed by individual publishers. Please see individual supplier pages for full terms of use.
Industry press
The Library & Information Service provides a hand-picked collection of industry press articles as a benefit of membership. If you are unable to access an article, please see our Help and support or contact library@icaew.com
Data classification: what is it and why do you need it
The article explains why data classification is vital to organisations. Topics discussed include tracking of information based on its sensitivity and confidentiality, key elements of a data classification policy, and compliance with regulations such as the General Data Protection Regulation (GDPR). Also mentioned are the basic principles of data management, namely confidentiality, integrity, and access.
High cybersecurity risks demand a proactive defense
The article discusses cybercrime and data breaches, which are considered major threats for accountancy firms. Topics include the increase in incidences of breaches that featured ransomware or extortion since 2018. Some of the major defences that should be considered are also mentioned.
Extreme encryption
Article looks at how a clever form of cryptography allows us to see data without ever looking at it. This could dispel the privacy fears that hobble big data.
Terms of use: You are permitted to access articles subject to the terms of use set by our suppliers and any restrictions imposed by individual publishers. Please see individual supplier pages for full terms of use.
Useful links
Data Protection Act 2018
The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR) and replaces the Data Protection Act 1998.
General Data Protection Regulation (GDPR)
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
Guide to Privacy and Electronic Communications Regulations
Guidance from the ICO for organisations that wish to send electronic marketing messages (by phone, fax, email or text), use cookies, or provide electronic communication services to the public.
Guide to the UK General Data Protection Regulation (UK GDPR)
Guide from the ICO explaining the provisions of the UK GDPR and what organisations need to do to comply with its requirements. Includes ‘In brief’ summaries and checklists as well as more detailed content in key areas.
ICAEW accepts no responsibility for the content on any site to which a hypertext link from this site exists. The links are provided ‘as is’ with no warranty, express or implied, for the information provided within them. Please see the full copyright and disclaimer notice.