Company fined £80,000 for selling personal data without owners’ consent
24 November 2017
The ICO has fined data brokering company Verso Group (UK) Ltd £80,000 for a serious and deliberate contravention of the Data Protection Act 1998 (DPA).
An ICO investigation found that the company had supplied personal data to two other companies who then used the data for telemarketing purposes (including nuisance calls). Verso failed to ensure it had appropriate consents from the data subjects to forward their personal data on in this way.
In determining the amount of the fine, the ICO considered:
- The contravention involved large volumes of personal data and data subjects;
- Verso’s contraventions were systemic, deliberate and not isolated or one-off;
- These contraventions occurred over a period of years; and
- Verso’s conduct during the investigation was found to be “unhelpful and obstructive.”
Organisations should keep in mind that the GDPR is replacing the DPA in May 2018, and under the new law consent will be even harder to obtain as a basis to process data.
The GDPR places an even greater focus on organisations being transparent on information being provided to individuals before their data is processed. The ICO’s findings and sanction also emphasise the importance of assisting the ICO in any investigations they carry out.
Clarkslegal, specialist Employment lawyers in London, Reading and throughout the Thames Valley.
For further information about this or any other Employment matter please contact Clarkslegal's employment team by email at firstname.lastname@example.org by telephone 020 7539 8000 (London office), 0118 958 5321 (Reading office) or by completing the form on this page.
This information is for guidance purposes only and should not be regarded as a substitute for taking legal advice. Please refer to the full General Notices on our website.
Read more articles