• In the news
  • November 27, 2018

Brexit and GDPR – ICO Fines and Data Breaches

By Lawbite Team

And so we hear about more data protection breaches… the Information Commissioner’s Office (ICO) doesn’t seem to be relaxing the reins on GDPR enforcement anytime soon! Alongside the various big brands who have recently been in the headlines for their various data protection slip-ups, Brexit and its accompanying campaigns continue to loom large in the shadows. 

Leave.EU’s suspected data breach

This month it was announced that the ICO is ready to fine Leave.EU, and a related insurance company, for breaching data protection rules. Leave.EU was one of the pro-Brexit campaign groups during the 2016 referendum, and was run by Nigel Farage. There were more than one million emails sent to Leave.EU subscribers, which contained marketing materials for Eldon Insurance. Eldon Insurance is owned by Arron Banks, who donated £8 million to Leave.EU.

The ICO has been investigating “an abundance of claims and allegations” that the public’s rights to privacy were disregarded as a result of this marketing campaign, in what has reportedly been an extremely complex data protection investigation. When asked about the matter, Banks said “Gosh, we communicated with our supporters and offered them a 10% Brexit discount after the vote! So what?” This appears to be part of the allegation by the ICO that there had been a “disregard for voters’ personal privacy”.

The ICO fine 

The fine is reported to be £135,000. Remember – if this investigation had related to an event that happened under the new GDPR rules (i.e. it had occurred after May 2018), the fine could have been up to EUR 20 million or 4% of annual turnover.

The ICO also looked into whether the Vote Leave campaign (the official leave campaign for the referendum) had processed the personal data of UK citizens in Canada. The Vote Leave campaign worked with Canadian analytics firm AIQ. The ICO found no evidence of any personal data breach relating to the processing of data in Canada. However, the ICO is continuing to investigate how the Vote Leave campaign delivered electronic marketing communications during the campaign, and whether they breached data protection rules in this respect.

And in terms of the Remain side of the referendum campaign, the ICO is also investigating whether there were any personal data breaches. In particular, the ICO is looking into Britain Stronger and a linked data broker, and whether there had been “inadequate third-party consents”.

Takeaways for business owners

This is yet another reminder that the ICO will be continuing to firmly enforce the new GDPR rules, and that businesses need to ensure they are up to speed with the requirements. In terms of marketing communications (the main privacy issue arising from the referendum campaigns), it’s important to remember the following:

  • You need permission to contact a prospect or a customer. You cannot assume they want to be contacted.
  • Consent must be “freely given, specific, informed and unambiguous”.
  • A pre-ticked box that automatically opts individuals into a marketing list doesn’t pass the GDPR test – individuals have to actively tick the box to be contacted.
  • It is your responsibility to make sure that individuals can easily access their data and that their data can easily be deleted if they ask for this to be done (known as ‘the right to be forgotten’).
  • Make sure you only collect the data you actually need. You must have a legal basis to justify the processing of the personal data you collect. Don’t gather more data than you need ‘just in case’ you might need it at a later date.

It is imperative to ensure that you comply with all of the points above in order to be compliant with GDPR. Remember that the scale of the fines makes non-compliance not an option. If you remain somewhat uncertain about your position regarding the full compliance of your data protection procedures you can check your position via our handy GDPR Checklist.

The author of this article is expert LawBrief Barbara Jamieson. For further GDPR legal advice, please enter an enquiry or call us today on 020 7148 1066 to speak to a member of our friendly Client Care Team.

In closing

Nothing in this article constitutes legal advice on which you should rely. The article is provided for general information purposes only. Professional legal advice should always be sought before taking any action relating to or relying on the content of this article. Our Platform Terms of Use apply to this article.
