ICAEW.com works better with JavaScript enabled.

Useful links

Read information on data protection, including GDPR and the Data Protection Act from a selection of external resources.


General Data Protection Regulation (GDPR)

European Commission April 2016

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

EU data protection

European Commission European Commission

Rules on data protection in the EU from the European Commission. Including information on data protection in the Eu; Data transfers outside the EU; and reform of EU data protection rules.

ICO guidance

Data protection self assessment

Toolkit from the ICO to help data controllers and data processors assess high level compliance with data protection legislation.

GDPR myths

A series of blog posts from the ICO aiming to bust some of the myths that have developed around General Data Protection Regulation compliance. Topics covered include data breach reporting, new fining powers and the issue of consent.

Guide to data protection

Information Commissioner's Office guidance for those who have day to day responsibility for data protection. It explains the purpose and effect of each principle, gives practical examples and answers frequently asked questions. Also covers specialist topics including CCTV, employment and data sharing.

Self assessment checklist for sole traders

October 2018

A self-assessment checklist that will help sole traders and self-employed individuals to assess their compliance with new data protection laws. It is aimed at improving understanding of data protection and making sure sole traders are keeping people’s personal data secure.

Video surveillance

February 2022

Guidance from the ICO for organisations in the public and private sectors. Addresses new applications of video surveillance technologies and how the UK GDPR and DPA 2018 applies. Technologies include: Traditional CCTV; Automatic Number Plate Recognition; Body Worn Video; Facial Recognition Technology; Drones; More commercially available technologies such as smart doorbells and dash cams. The guidance does not cover the use of CCTV in domestic settings.

Further guidance

Article 29 Working Party guidelines

Article 29 Working Party

EU level guidance on the General Data Protection Regulation. Produced by the Article 29 Working Party, an independent European advisory body on data protection.

Data protection and your business

HM Government

Government guidance on data protection, covering: recruiting staff; managing staff records; marketing products or services; monitoring staff at work and CCTV

What GDPR means for cyber security

National Cyber Security Centre May 2018

Guidance from the National Cyber Security Centre (NCSC) on the introduction of the General Data Protection Regulation (GDPR) and what it means for cyber security.


AccountingWeb - GDPR

Sift Media

GDPR hub page from AccountingWeb which includes features and news articles.

Computing - GDPR

Incisive Business Media

News and features on GDPR and data protection from Computing magazine

* Some of the content on this web page was provided by the Chartered Accountants’ Trust for Education and Research, a registered charity, which owns the library and operates it for ICAEW.