ARTICLE
22 December 2015

The UK's Data Protection Regulator Cracks The Enforcement Whip

RS
Reed Smith (Worldwide)

Contributor

Reed Smith (Worldwide) logo
Reed Smith is a dynamic international law firm helping clients move their businesses forward. By delivering smart, creative legal services, we enrich clients' experiences with us and support achievement of their business goals. Our longstanding relationships and collaborative structure enable the speedy resolution of complex disputes, transactions, and regulatory matters.
As 2015 draws to a close, the UK's Data Protection Regulator, the Information Commissioner's Office ('ICO'), is making sure it ends the year with a bang.
United Kingdom Privacy

As 2015 draws to a close, the UK's Data Protection Regulator, the Information Commissioner's Office ('ICO'), is making sure it ends the year with a bang. The past few months have seen a significant increase in enforcement action, a theme which seems to be common for the regulator at this time of year because of the rise in shopping and promotional activities.

A key area of focus for the ICO has been to crack down on nuisance calls and inappropriate data-sharing practices through 'Operation HIDA'.

On 22 November, the regulator wrote to more than 1,000 businesses in the UK asking for information on their data-sharing practices. The 15-point questionnaire includes questions on how the business complies with the law, what data is shared and how consent is obtained. Targeted businesses have also been asked to provide a list of all companies they have worked with in the past six months, suggesting that more businesses will fall under the ICO's microscope in the new year.

Businesses that have received the letter have 21 days to respond. Failure to do so could see the issue of Information Notices, which legally compels the business to provide the requested information or otherwise face court action.

The ICO has also published a reminder of the dangers of using third-party marketing lists, an issue that was highlighted in the recent Optical Express case. The blog, which is accompanied by a short video, reminds organisations of their responsibilities under the Privacy and Communications Regulation 2003 and emphasises that it is the organisation undertaking the direct marketing activities that must satisfy itself that appropriate consent has been obtained. The ICO recommends that organisations carry out due diligence and cross check with the TPS when buying third-party marketing lists; otherwise they could face heavy fines. In the UK, the ICO can fine up to £500,000 data protection breaches.

Don't get caught out this holiday season!

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More