Mike Bradford, BIIA’s contributing editor on the subject of data protection and privacy has published his latest newsletter with the following topics:

  • EU General Data Protection Regulations (GDPR)
  • UK Information Commissioner (ICO) issues further GDPR guidance
  • Article 29 Working Party publishes guidelines on imposing administrative fines
  • Latest on UK DP Bill
  • ICO assures companies that BCRs will remain following Brexit
  • Direct Marketing Association says new e-privacy regulations are at a state of impasse
  • ICO survey shows most UK citizens don’t trust organisations with their data
  • ICO stresses the importance of staff handling personal data correctly
  • ICO to launch major review of data broking industry and credit reference agencies

In this conjunction the case of the Verso Group (UK) Limited is of interest:

The Verso Group (UK) is a firm trading in people’s personal information and describing itself as ‘the UK’s Premier Lead Generation Provider’ has been fined £80,000 by the Information Commissioner’s Office (ICO).  Verso Group (UK) Limited failed to comply with data protection law because it was not clear with people about what it was doing with their personal information.  This is the first fine to be issued following a wider investigation by the ICO into the data broking industry.

James Dipple-Johnstone, ICO Deputy Commissioner – Operations said:  “We have concerns about the impact of invisible data processing on UK citizens and are currently looking at the data broking industry including how businesses trade and use personal data behind the scenes.”

The ICO discovered Verso had supplied personal data for direct marketing to Prodial Ltd, which received a record fine for making 46 million nuisance calls and to EMC Advisory Services Ltd also fined by the ICO for making unsolicited calls. This prompted a separate ICO investigation into Verso’s data trading practices.

The Hertfordshire-based business generated leads by contacting people in the UK from two overseas call centres. Personal data was gathered from what telephone operators described as surveys, but were in fact lead generation calls. Other practices included buying in data from various firms to be packaged up to sell on to companies for use in direct marketing without the correct consent required.

  • Recent Data Breaches

To read the latest newsletter click on this link:  Regulatory Strategies Newsletter – December 2017