ICAEW.com works better with JavaScript enabled.

Guidance on data protection

Read our FAQs and the latest guidance on data protection and privacy including GDPR and the Data Protection Act.

Displaying 1-32 of 32 results
Exclusive TECHNICAL ADVISORY SERVICES Document retention
  • 28 Nov 2023
  • Technical Advisory Services
This helpsheet highlights key considerations relating to document retention for accountants.
Exclusive TECHNICAL ADVISORY SERVICES TECHNICAL ADVISORY SERVICES HELPSHEET Disclosure of confidential information to the police and other enforcement agencies
  • 28 Nov 2023
  • Ethics Advisory Service
Technical helpsheet issued to help ICAEW members consider confidentiality requirements in the context of disclosure of confidential information to the police and other enforcement agencies such as HMRC and the National Crime Agency.
Exclusive TECHNICAL ADVISORY SERVICES TECHNICAL ADVISORY SERVICES HELPSHEET Disclosure of confidential information (for members in practice)
  • 28 Nov 2023
  • Technical Advisory Services
Technical helpsheet issued to help ICAEW members in practice consider confidentiality requirements in the context of disclosure of confidential information.
Exclusive TECHNICAL ADVISORY SERVICES TECHNICAL ADVISORY SERVICES HELPSHEET UK GDPR – Lawful basis for processing
  • 17 Nov 2023
  • Technical Advisory Services
Helpsheet issued by ICAEW’s Technical Advisory Service to help ICAEW members to understand the requirements of the GDPR in relation to lawful basis for processing.
Exclusive TECHNICAL ADVISORY SERVICES TECHNICAL ADVISORY SERVICES HELPSHEET UK GDPR – Client files
  • 17 Nov 2023
  • Technical Advisory Services
Helpsheet issued by ICAEW’s Technical Advisory Service to help ICAEW members to understand the requirements of the GDPR as it relates to client files applied to common situations experienced by a member.
Exclusive TECHNICAL ADVISORY SERVICES TECHNICAL ADVISORY SERVICES HELPSHEET UK GDPR – Rights of an individual
  • 17 Nov 2023
  • Technical Advisory Services
Helpsheet issued by ICAEW’s Technical Advisory Service to help ICAEW members to understand the requirements of the GDPR in relation to the rights of an individual.
Exclusive TECHNICAL ADVISORY SERVICES TECHNICAL ADVISORY SERVICES HELPSHEET Disclosure of confidential information (for members in business)
  • 19 Oct 2021
  • Technical Advisory Services
Technical helpsheet issued to help ICAEW members in business consider confidentiality requirements in the context of disclosure of confidential information.
Exclusive TECHNICAL ADVISORY SERVICES TECHNICAL ADVISORY SERVICES HELPSHEET UK GDPR – Data processor or data controller?
  • 01 Feb 2021
  • Technical Advisory Services
Helpsheet issued by ICAEW’s Technical Advisory Service to help ICAEW members to make their own assessment whether they act as a data processor or data controller under the GDPR.
Exclusive TECHNICAL ADVISORY SERVICES TECHNICAL ADVISORY SERVICES HELPSHEET UK GDPR – Data mapping and documentation
  • 01 Feb 2021
  • Technical Advisory Services
Helpsheet issued by ICAEW’s Technical Advisory Service to help ICAEW members to understand how data mapping and documentation can assist in meeting the requirements of the GDPR.
Exclusive TECHNICAL ADVISORY SERVICES TECHNICAL ADVISORY SERVICES HELPSHEET UK GDPR – Data Breaches
  • 01 Feb 2021
  • Technical Advisory Services
Technical helpsheet issued to help ICAEW members understand the requirements of the GDPR in relation to a data breach. Detailed guidance is available from the Information Commissioner’s Office (ICO).
Exclusive TECHNICAL ADVISORY SERVICES TECHNICAL ADVISORY SERVICES HELPSHEET UK GDPR – Communicating safely with clients
  • 01 Feb 2021
  • Technical Advisory Services
Helpsheet issued by ICAEW’s Technical Advisory Service to help ICAEW members to understand the requirements of the GDPR in relation to communicating safely with clients.
BUSINESS LAW Data Protection and Covid19 - implications for ICAEW members
  • 17 Apr 2020
  • PDF (147kb)
  • Business Law
Updated guidance from the ICO
TECH FACULTY GUIDE ICAEW KNOW HOW Coronavirus guide: cyber hygiene and data
  • 25 Mar 2020
  • Tech Faculty
Criminals thrive in times of uncertainty and fear, and the UK’s National Cyber Security Centre (NCSC) has already reported an increase in cyber threats which refer directly to the coronavirus. This guide outlines the key steps to basic cyber hygiene and highlights some useful resources.
BUSINESS LAW ICAEW KNOW HOW GUIDE ICAEW Know How: Right to erasure
  • 16 Mar 2020
  • PDF (196kb)
  • Business Law
This guide summarises the general erasure obligations set out in GDPR, the exceptions available under GDPR and the DPA 2018 and provides practical interpretation of these in relation to various example service offerings that may be provided by ICAEW members.
BUSINESS LAW ICAEW KNOW HOW GUIDE ICAEW Know-How: Personal data breaches
  • 01 Jan 2020
  • PDF (563kb)
  • Business Law Department
The Data Protection Act 2018 (DPA 2018) came into force on 25 May 2018 to replace the Data Protection Act 1998. It sits alongside the General Data Protection Regulation (GDPR). This guide is part of a series that explain some of the new or more difficult concepts introduced by the DPA 2018 and the GDPR.
Exclusive TECH FACULTY TECH ESSENTIALS The essential guide to data protection when outsourcing
  • 25 Nov 2019
  • PDF (318kb)
  • Tech Faculty
It is often said that data is the new oil – the raw material that drives industry in so many ways. Like all resources, data needs to be used wisely and protected. This guide looks at protecting data when using outsourced services.
BUSINESS LAW TECHNICAL RELEASE ICAEW Know-How: Data protection transparency
  • 10 Apr 2019
  • PDF (301kb)
  • Business Law Department
This guide summarises the general transparency obligations set out in GDPR, the exceptions available under GDPR and the DPA 2018 and provides practical interpretation of these in relation to various example service offerings that may be provided by ICAEW members.
Exclusive TECH FACULTY Cyber Attack Response Plan Guide
  • 05 Mar 2019
  • PDF (329kb)
  • IT Faculty
This guide provides an overview of the steps that an organisation should consider taking if they are subject to a cyber attack.
TECH FACULTY Cyber attack response plan
  • 05 Mar 2019
  • Tech Faculty
This guide provides an overview of a cyber attack response plan. Organisations of all sizes and types should download this plan today in readiness for when a cyber incident takes place. This will help reduce your business risk and improve business resiliency.
Exclusive TECH FACULTY TECH ESSENTIALS The essential guide to cyber recovery
  • 06 Feb 2019
  • PDF (308kb)
  • Tech Faculty
How to recover in the event of a data breach. This guide draws on expert insights from our volunteers and members, with some very helpful case studies outlining real life examples – one of which is a ransomware example similar to the scenario above, and where the firm did have a backup.
TECH FACULTY AUDIT INSIGHTS Coping with the substantial gap in cyber security
  • 12 Jun 2018
  • PDF (197kb)
  • IT Faculty
This is the fifth in the series of Audit insights: cyber security reports. It focuses on the substantial gap in cyber security maturity levels caused by complex legacy IT environments and how business needs to adopt a smarter approach to cyber security laws and standards.
BUSINESS LAW What does the introduction of GDPR mean for accountants?
  • 15 May 2018
  • PDF (163kb)
These FAQs consider the impact of GDPR and how affects accountants, including what is now included in personal data, how to prove accountability, as well as when and how ‘consent’ can be used as a lawful basis for processing. It explains the new responsibilities of data processors under GDPR as well as the role and responsibilities of data controllers.
BUSINESS LAW TECH FACULTY GDPR and pension funds
  • 11 May 2018
  • PDF (165kb)
  • Business Law, Tech Faculty
This guide outlines the issues the General Data Protection Regulation (GDPR) raises for the trustees of pension funds, including their dealings with administrators and auditors. It is part of a series designed to answer the questions that members have been asking about the GDPR.
PROFESSIONAL STANDARDS DEPARTMENT GDPR - practical issues for insolvency practitioners and breach issues
  • 01 May 2018
  • PDF (251kb)
  • Professional Standards Department
FAQs for insolvency practitioners on the General Data Protection Regulations (GDPR).
AUDIT AND ASSURANCE FACULTY AUDIT INSIGHTS Taking control of the cyber security agenda
  • 10 Oct 2016
  • PDF (1,492kb)
  • Audit and Assurance Faculty
Businesses are struggling to turn general awareness and concern into effective action. In this report, we urge businesses to show more urgency and take control of their cyber agenda.
TECH FACULTY AUDIT INSIGHTS Growing gap between business and cyber attacker capabilities
  • 28 Jan 2015
  • PDF (1,496kb)
  • IT Faculty
This report raises specific cyber issues around the area of cyber threats and the extent of board awareness. It reveals that an increasing gap between business and cyber attacker capabilities exists and good intentions must be matched by action.
Exclusive AUDIT AND ASSURANCE FACULTY TECHNICAL RELEASE Access to Information by Successor Auditors (TECH 01/08 AAF)
  • 01 Aug 2008
  • PDF (294kb)
  • Audit and Assurance Faculty
Guidance for both predecessor and successor auditors on the provision of access to information. It covers the mandatory regime put in place by the Companies Act 2006 and Audit Regulation 3.09.
TECH FACULTY TECH ESSENTIALS Tech essentials - 10 steps to cyber security for smaller firms
  • 22 Sep 2017
  • PDF (376kb)
  • IT Faculty
While the fundamentals on how to protect yourself, your business and your clients remain essentially unchanged, the context in which we write about them continues to shift. Cyber criminals are always finding new means of attack and we all need to keep up to keep them out.
BUSINESS LAW What is the GDPR?
  • 03 Jan 2018
  • PDF (482kb)
These FAQs give accountants an overview of GDPR. It includes questions on how it differs from the current data protection approach, who will have to comply with it and whether Brexit will have an effect. It also explains key terms and concepts, including the accountability principle, the responsibilities of data processors, what a data protection officer is, and issues around data privacy.
Do you need to appoint a Data Protection Officer (DPO)?
  • 30 Apr 2018
  • PDF (867kb)
Use this decision tree to decide if you need to appoint a Data Protection Officer (DPO) in your organisation under the new GDPR.
MEMBERS DEPARTMENT Data protection act - are you registered?
  • 05 Feb 2018
  • PDF (208kb)
FAQs relating to the data protection act 1998.
RESTRUCTURING AND INSOLVENCY COMMUNITY Data protection and insolvency
  • 29 Jul 2014
The Data Protection Act 1998 (DPA) came into force on 1 March 2000. It sets rules for companies and organisations that deal with personal data. Personal data is information that identifies living individuals. The DPA applies to the processing of personal information and extends to some paper records as well as those held electronically. Its scope is very wide and it imposes a number of obligations. Some obligations are quite onerous on those involved in the processing of personal data. The information on this page is aimed at insolvency practitioners and does not go into detail about the basic...
Displaying 1-32 of 32 results