Disclaimer: As we are all continuing to feel our way on this, we can make no guarantees that it represents the ultimate answer and do not accept any responsibility for consequences arising from its use.

Now to business

Following on from our GDPR guidance and checklist in the last newsletter, and in the absence of clear guidance from ICAEW, we suggest the following wording as the basis for a paragraph in your engagement letters.

“GDPR
We hold only the personal data that we need in order to provide you with the services you require and to enable us to assist you to meet your legal obligations.
We do not pass your details on to any third party, unless
• you specifically ask us to do so
• there is a legal obligation for us to do so or
• to gather information to enable us to carry out our obligations on your behalf.
We keep personal data for a period of up to 2 years from the date that you cease to be a client, or longer where there is a legal obligation to do so. Partner X acts as the data controller for the firm. If you wish to verify your personal data held by us, please contact him/her at the address on this letter.”