The problem is that the GDPR is very good on the what not the how so we can't give definitive answers (nor does the ICO). So you will have to decide and document how you have ensured that all your data is secure however and wherever you store and use it. We have got some guidance on encryption and passwords that may help - see our GDPR hub - and on keeping client files safe https://www.icaew.com/technical/technology/data/data-protection/general-...
My answers
The ICO has made it clear that GDPR and the Data Protection Act 2018 will still apply - see https://ico.org.uk/global/data-protection-and-coronavirus-information-hub/
ICAEW guidance also available
https://www.icaew.com/insights/coronavirus/working-from-home
The problem is that the GDPR is very good on the what not the how so we can't give definitive answers (nor does the ICO). So you will have to decide and document how you have ensured that all your data is secure however and wherever you store and use it. We have got some guidance on encryption and passwords that may help - see our GDPR hub - and on keeping client files safe
https://www.icaew.com/technical/technology/data/data-protection/general-...
ICAEW guidance and templates for engagement letters and privacy notices available here
https://www.icaew.com/en/technical/practice-resources/practice-helpsheet...
ICAEW guidance and templates available here for members
https://www.icaew.com/en/technical/practice-resources/practice-helpsheet...
I agree - marketing consent should not be bundled together with terms of business.
See ICAEW guidance and templates for engagement letters and privacy notices here
https://www.icaew.com/en/technical/information-technology/cyber-resource...
ICAEW have published templates and guidance for engagement letters and privacy notices - available to all members here
https://www.icaew.com/en/technical/practice-resources/practice-helpsheet...