• In the news
  • November 27, 2018

Brexit and GDPR – ICO Fines and Data Breaches


By Lawbite Team

Get Quote Free Legal Help
And so we hear about more data protection breaches… the Information Commissioner’s Office (ICO) doesn’t seem to be relaxing the reins on GDPR enforcement anytime soon! Alongside the various big brands who have recently been in the headlines for their various data protection slip-ups, Brexit and its accompanying campaigns continue to loom large in the shadows. 

Leave.EU’s suspected data breach

 This month it was announced that the ICO is ready to fine Leave.EU, and a related insurance company, for breaching data protection rules. Leave.EU was one of the pro-Brexit campaign groups during the 2016 referendum, and was run by Nigel Farage. There were more than one million emails sent to Leave.EU subscribers, which contained marketing materials for Eldon Insurance. Eldon Insurance is owned by Arron Banks, who donated £8 million to Leave.EU. The ICO has been investigating “an abundance of claims and allegations” that the public’s rights to privacy were disregarded as a result of this marketing campaign, in what has reportedly been an extremely complex data protection investigation. When asked about the matter, Banks said “Gosh, we communicated with our supporters and offered them a 10% Brexit discount after the vote! So what?” This appears to be part of the allegation by the ICO that there had been a “disregard for voters’ personal privacy”. 

The ICO fine 

The fine is reported to be £135,000. Remember – if this investigation had related to an event that happened under the new GDPR rules (i.e. it had occurred after May 2018), the fine could have been up to EUR 20 million or 4% of annual turnover. The ICO also looked into whether the Vote Leave campaign (the official leave campaign for the referendum) had processed the personal data of UK citizens in Canada. The Vote Leave campaign worked with Canadian analytics firm AIQ. The ICO found no evidence of any personal data breach relating to the processing of data in Canada. However, the ICO is continuing to investigate how the Vote Leave campaign delivered electronic marketing communications during the campaign, and whether they breached data protection rules in this respect. And in terms of the Remain side of the referendum campaign, the ICO is also investigating whether there were any personal data breaches. In particular, the ICO is looking into Britain Stronger and a linked data broker, and whether there had been “inadequate third-party consents”. 

Takeaways for business owners

 This is yet another reminder that the ICO will be continuing to firmly enforce the new GDPR rules, and that businesses need to ensure they are up to speed with the requirements. In terms of marketing communications (the main privacy issue arising from the referendum campaigns), it’s important to remember the following: You need permission to contact a prospect or a customer. You cannot assume they want to be contacted. Consent must be “freely given, specific, informed and unambiguous” A pre-ticked box that automatically opts individuals into a marketing list doesn’t pass the GDPR test – individuals have to actively tick the box to be contacted It is your responsibility to make sure that individuals can easily access their data and that their data can easily be deleted if they ask for this to be done (known as ‘the right to be forgotten’) Make sure you only collect the data you actually need. You must have a legal basis to justify the processing of the personal data you collect. Don’t gather more data than you need ‘just in case’ you might need it at a later date. It is imperative to ensure that you comply with all of the points above in order to be compliant with GDPR. Remember that the scale of the fines makes non-compliance not an option. If you remain somewhat uncertain about your position regarding the full compliance of your data protection procedures you can check your position via our handy GDPR Checklist. The author of this article is expert LawBrief  Barbara Jamieson. For further GDPR legal advice, please enter an enquiry or call us today on 020 7148 1066 to speak to a member of our friendly Client Care Team.
Journey further… GDPR Products and Services LawBite GDPR Rescue Package  

In closing

Nothing in this article constitutes legal advice on which you should rely. The article is provided for general information purposes only. Professional legal advice should always be sought before taking any action relating to or relying on the content of this article. Our Platform Terms of Use apply to this article.

Related Articles

Read more of our latest blog posts, featuring all the latest legal news, analysis and opinion from our expert lawyers.

blog image
  • By Lawbite Team
  • November 08, 2021
Who Needs a Data Representative in the EU for GDPR Compliance?

Obtaining a GDPR Data Representative in the EU for GDPR compliance is an important consideration that you, as a business owner, must think about.  ...

blog image
  • By Lawbite Team
  • October 01, 2021
What Business Opportunities will Brexit Bring?

With the UK drawing the first anniversary of the Brexit transition period ending, some short term effects of Brexit (positive and negative) have al...

blog image
  • By Lawbite Team
  • September 20, 2021
How to Gain Consent Under the GDPR

Even several years after the introduction of the General Data Protection Regulations (GDPR) in 2018, there is still a lack of understanding about h...


LawBite can help you

LawBite is on a mission to provide business legal advice that is easier to access, clearer to understand and much cheaper. Our on-line legal advice platform can quickly connect you with expert business legal advice. Our friendly, highly qualified business lawyers, solicitors and mediators will give you the guidance and reassurance that comes from customised legal advice for small and medium sized business.

Whether you are bringing or defending a legal claim, outsourcing work, want a business contract review to ward off disagreements, talk to an expert trademark lawyer, resolve a contractual dispute with methods like mediation and arbitration, or getting your new company set up and on the right footing with a robust shareholder agreement and GDPR standards, we can help you succeed.

defend a claim

Get Quote

defend a claim

Essentials Plan