• In the news
  • June 17, 2020

Brexit and GDPR – ICO Fines and Data Breaches

And so we hear about more data protection breaches… the Information Commissioner’s Office (ICO) doesn’t seem to be relaxing the reins on GDPR enforcement anytime soon! Alongside the various big brands who have recently been in the headlines for their various data protection slip-ups, Brexit and its accompanying campaigns continue to loom large in the shadows. 

Leave.EU’s suspected data breach

 This month it was announced that the ICO is ready to fine Leave.EU, and a related insurance company, for breaching data protection rules. Leave.EU was one of the pro-Brexit campaign groups during the 2016 referendum, and was run by Nigel Farage. There were more than one million emails sent to Leave.EU subscribers, which contained marketing materials for Eldon Insurance. Eldon Insurance is owned by Arron Banks, who donated £8 million to Leave.EU. The ICO has been investigating “an abundance of claims and allegations” that the public’s rights to privacy were disregarded as a result of this marketing campaign, in what has reportedly been an extremely complex data protection investigation. When asked about the matter, Banks said “Gosh, we communicated with our supporters and offered them a 10% Brexit discount after the vote! So what?” This appears to be part of the allegation by the ICO that there had been a “disregard for voters’ personal privacy”. 

The ICO fine 

The fine is reported to be £135,000. Remember – if this investigation had related to an event that happened under the new GDPR rules (i.e. it had occurred after May 2018), the fine could have been up to EUR 20 million or 4% of annual turnover. The ICO also looked into whether the Vote Leave campaign (the official leave campaign for the referendum) had processed the personal data of UK citizens in Canada. The Vote Leave campaign worked with Canadian analytics firm AIQ.
The ICO found no evidence of any personal data breach relating to the processing of data in Canada. However, the ICO is continuing to investigate how the Vote Leave campaign delivered electronic marketing communications during the campaign, and whether they breached data protection rules in this respect. And in terms of the Remain side of the referendum campaign, the ICO is also investigating whether there were any personal data breaches. In particular, the ICO is looking into Britain Stronger and a linked data broker, and whether there had been “inadequate third-party consents”. 

Takeaways for business owners

 This is yet another reminder that the ICO will be continuing to firmly enforce the new GDPR rules, and that businesses need to ensure they are up to speed with the requirements. In terms of marketing communications (the main privacy issue arising from the referendum campaigns), it’s important to remember the following: You need permission to contact a prospect or a customer. You cannot assume they want to be contacted.
Consent must be “freely given, specific, informed and unambiguous” A pre-ticked box that automatically opts individuals into a marketing list doesn’t pass the GDPR test – individuals have to actively tick the box to be contacted It is your responsibility to make sure that individuals can easily access their data and that their data can easily be deleted if they ask for this to be done (known as ‘the right to be forgotten’) Make sure you only collect the data you actually need. You must have a legal basis to justify the processing of the personal data you collect. Don’t gather more data than you need ‘just in case’ you might need it at a later date. It is imperative to ensure that you comply with all of the points above in order to be compliant with GDPR. Remember that the scale of the fines makes non-compliance not an option.
If you remain somewhat uncertain about your position regarding the full compliance of your data protection procedures you can check your position via our handy GDPR Checklist.

The author of this article is expert LawBrief  Barbara Jamieson. For further GDPR legal advice, please enter an enquiry or call us today on 020 7148 1066 to speak to a member of our friendly Client Care Team. 

Journey further… GDPR Products and Services LawBite GDPR Rescue Package  

In closing

Nothing in this article constitutes legal advice on which you should rely. The article is provided for general information purposes only. Professional legal advice should always be sought before taking any action relating to or relying on the content of this article. Our Platform Terms of Use apply to this article.

Related Articles

Read more of our latest blog posts, featuring all the latest legal news, analysis and opinion from our expert lawyers.

blog image
  • By LawBite Team
  • February 16, 2022
New rules for doing business with the EU

It has now been more than a year since Brexit and theoretical questions are now practical issues of the day-to-day activities of entrepreneurs that...

blog image
  • By LawBite Team
  • February 15, 2022
Data protection and privacy – Employer’s responsibilities

Data protection and privacy laws touch on almost every aspect of HR.  Employers must strike a fine balance in complying with the UK GDPR, Data Prot...

blog image
  • By LawBite Team
  • February 07, 2022
Earning user trust by prioritising data protection compliance

Protecting people's privacy is not only the right thing to do, but it is key in earning trust. In 2022, armed with the knowledge gained from the Ca...


LawBite can help you

LawBite is on a mission to provide business legal advice that is easier to access, clearer to understand and much cheaper. Our on-line legal advice platform can quickly connect you with expert business legal advice. Our friendly, highly qualified business lawyers, solicitors and mediators will give you the guidance and reassurance that comes from customised legal advice for small and medium sized business.

Whether you are bringing or defending a legal claim, outsourcing work, want a business contract review to ward off disagreements, talk to an expert trademark lawyer, resolve a contractual dispute with methods like mediation and arbitration, or getting your new company set up and on the right footing with a robust shareholder agreement and GDPR standards, we can help you succeed.

defend a claim

Talk to a Lawyer

Book a Call
defend a claim

Essentials Plan

Join for Free