On 25 May 2018 the General Data Protection Regulation (GDPR) comes into effect.

GDPR will apply to every European organisation that handles the information of private individuals plus non-EU organisations offering goods and services to EU individuals.  The UK government has confirmed that Brexit will not affect the commencement of the GDPR.

The GDPR provides additional rights to individuals and places increased restrictions on how and when organisations can process personal data.

•We may hold your details which may include names, private addresses, date of birth, tax and NI references, company number (if applicable), employer’s reference and name (if applicable), business details (if applicable) and details of past and present taxable income and gains and data on other taxes.

•We hold this data to allow us to provide accountancy, tax compliance and tax advisory services (if applicable). 

•We do not use your data for any type of direct marketing and we do not sell your data to any third parties.  We will only contact you in the course of providing accountancy, tax compliance and tax advisory services (if applicable).

•We also hold data in order to make ID checks under the Money Laundering Regulations; this may include a copy of your passport or driving licence and evidence of your address.

•We retain data for as long as statute or regulations demand.

•We hold data electronically and on paper.

•We normally destroy files after six years.

•Our computer hard drives are destroyed before disposal.

•We do not allow third party access to our data; however, our IT support (outsourced) may work on software programs that hold data, such as our databases.

•We store data via third party servers and we use applications including Dropbox, Microsoft and Google products.

•Data held on third party servers is highly protected by security features including firewalls, regular scans against malware and measures to prevent SQL injection.

•We process and store data using our tax and accounting software. Such software may be located 'in the Cloud', and if so we rely on the software provider's security features and all access is password protected.

•When software is installed on our local machines, all software is password protected.

•We prohibit the use of memory sticks to hold client data. If you provide us with a memory stick we will not transport it out of our office.

•We will only share data with HMRC and HM Courts and Tribunals Service, during the course of an enquiry, investigation or tax appeal, or for other reasons, if:

a) We are authorised to do so by the taxpayer, or

b) In the case of a Schedule 36 FA 2008 Information Notice, we have either been so authorised by a tribunal or we are compelled to provide data under the terms of a third party notice, or

c) We are obliged by other regulations to provide data.

•We may on occasion use third party contractors in our business and, if so, we will make suitable enquiries to check how they are meeting the required standards for GDPR compliance. They are not authorised to remove our data or pass on data to other parties. Third party contractors may also be required to sign fit and proper declarations.


•We do not maintain a database that contains the details of users of our website and we do not track users of our website. 

•We do not sell our website data or allow any third party access to our data. 

•Our website data is hosted on third party servers which are protected by firewalls and encryption, and access to our servers is protected by password protection applications.

•Our website developers and hosting may require access to the full back-end of our website. We place reliance on their own security measures when they access our data.

We are registered with the Information Commissioner.

Hamels Consultants LLP