The EU General Data Protection Regulation (GDPR) came into force on 25 May 2018. The Data Protection Act 2018 (DPA 2018) came into force on the same day and sits alongside the GDPR. Even after nearly a year of the new regime, there are still many areas that can be subject to interpretation; unfortunately, getting this wrong can lead to hefty fines and sanctions. With this in mind, the ICAEW is working on a series of guides that explain some of the new or more difficult concepts introduced by the GDPR and DPA 2018. The first guide, published on 10 April 2018, looks at the transparency obligations of the GDPR.
The GDPR obliges data controllers to be transparent with data subjects about how they process their personal data. However, given the nature of some of the services provided by ICAEW members, this obligation to be transparent may appear to be unworkable, inappropriate or even not feasible in some circumstances. To help ICAEW members navigate their way around the rules, ICAEW has published a new guide that summarises the general transparency obligations set out in GDPR and the exceptions available under GDPR and the DPA 2018, and provides practical interpretation of these in relation to various example service offerings that may be provided by ICAEW members.
Guides in the pipeline will cover ‘Data Controllers vs Data Processors’, ‘Data Breaches’, ‘Legitimate Interest Assessments’ and ‘Data Subject Access Requests’.
The guides are intended to provide practical guidance to ICAEW members. They are not intended to constitute legal advice, so if you are still unsure or in doubt then you should seek specialist legal advice.
Finally, if you have any comments on the guides or requests for any other guides, please get in touch.