The GDPR came into force on 25 May 2018

The new Regulations build upon the requirements already in place for protecting personal data which arise from the Data Protection Act 1998.

The GDPR do not supersede your other legal obligations concerning storing and maintaining clients' accounts. In particular, the period for retaining your clients' accounting records will still be governed by the relevant legislation (e.g. Companies Act 2006, Taxes Management Act 1970) and in most cases will require you to retain the records for six years. If your client relies on GDPR to request you erase their accounting records, you may only erase the data if doing so will not breach these other legal obligations.

The GDPR stipulate that personal data must:

  1. be processed fairly, lawfully and transparently;
  2. only be used for the purpose for which it was collected;
  3. be adequate, relevant and not excessive for the purpose for which it is being processed;
  4. be accurate and kept up-to-date;
  5. not be kept longer than necessary to fulfil the purpose of its collection;
  6. be kept secure and protected from unauthorised processing, loss, damage or destruction
    [which includes the data not being transferred to a country or territory outside the European Economic Area unless the personal data is adequately protected and/or consent of the Data Subject has been provided].

The Information Commissioners Office (ICO) is responsible for supervising the implementation of the GDPR in the UK. Useful resources can be found at:


Further reading:

GDPR Guidance Helpsheet
An 11 page document providing an overview of the GDPR Regulations. This is a summary of the whole of the Regulations which are likely to be relevant to ICB members and bookkeeping practices. 

GDPR Getting Ready Checklist
A four page document that lists the steps a practice should undertake to get GDPR ready and ensure GDPR compliance

GDPR Privacy Policy Template
A 9 page document to be tailored by each individual to suit the needs of their business and which contains relevant information to be passed on to the client.

GDPR Workflow Diagram Template
A one page template

GDPR Webinar
An one-hour pre-recorded webinar with in-house legal counsel, Ben Stephens-Brown is available here

These resources are available to Practice Licence holders to download for free via:

Non-practising members, non-members and students can purchase the Guidance Helpsheet, Getting Ready Checklist and Privacy Policy and documents via: