Data Protection

All staff at ICAEW should have had General Data Protection Regulation (GDPR) training

If you would like to request GDPR training please speak to the Data Protection team.

GDPR legislation applies to all virtual meetings - both live and on-demand

  • This means you need to be careful about how you use, store and share data in downloaded Zoom reports

  • You will also need to consider how you communicate to delegates and participants that you intend to record a session, telling them what might happen with the recording, and that by participating in the session in a way that identifies them on screen could mean that they become an identifiable participant of a published video or on-demand link.

  • You also need to know what to do in the event of a Subject Access Request (see below).

Informing participants - especially if recording

  • When signing up to a session, webinar or meeting, delegates should be informed at sign up that if they contribute to the meeting, their name and voice recording could be captured as part of the meeting. By contributing in this manner they are consenting to ICAEW processing the personal data they provide.

  • In most Webinars the questions are through text-based Q&A. But in the rare instance that the Host chooses to open questions to the floor and unmute any non-presenter/panel participants then those participants' Zoom names will be visible to all and, if the meeting is recorded, they will be recorded in both sound and on-screen, including their Zoom name. In this instance, the Host should pre-warn the audience members participating that their name and audiovisual recording is will be captured as part of the session and that by contributing in this manner they are consenting to ICAEW processing this personal data and information that they provide.

Subject Access Requests

  • If you get a request for information we hold about an individual, please assume that this is probably a Subject Access Request.

  • Subject Access Requests (SARs) come in many forms, and the individual does not need to specify the words Subject Access Request for it to be one.

  • Any SAR or suspicion of an SAR should be sent to dataprotection@icaew.com. The request will be assigned to a member of the Data Protection team to process.

  • You should not respond to an SAR until guided by the Data Protection team to supply documentation or evidence.

  • If you think the subject of an SAR has participated in a virtual meeting or webinar that has been recorded, it would be helpful to know the name of the session so it is easy to track down on our platforms. It would also be helpful to know if the event was published on our website and what the page URL is where it was published.

  • If the Data Protection Team feel that a pubished item needs to be removed or edited this will be discussed with you and/or a member of the Content team, but no immediate action would necessarily be taken.