General Data Protection Regulation information for members

The CIOT and ATT have been working on FAQs based on queries we have received. These should assist members generally with some of the queries they may have in relation to the General Data Protection Regulation.

The General Data Protection Regulation (GDPR) comes into effect on the 25 May 2018. The Information Commissioner’s Office (ICO) website provides a lot of advice and guidance. We have also collated questions received from members and prepared a set of frequently asked questions (FAQ) and answers. The ICO has reviewed this document and it is now available on the CIOT website and the ATT website.

It covers a number of areas including background details about GDPR, issues surrounding holding data, security when contacting clients and records to be retained to be GDPR compliant. Please note, however, that data protection and GDPR is a complex area and this set of FAQs is intended as a helpful introduction only. 

We would be happy to receive other queries which members have or details of their experience of meeting the requirements of the regulations, as will assist with future engagement with the ICO. Please send these to the Professional Standards team at