In what has been a busy few weeks for the Information Commissioners Office, they have served an enforcement notice on Experian, following a 2-year investigation into its data broking practices, along with those of Equifax and TransUnion. Equifax and TransUnion made the necessary changes, but Experian is now forced to make fundamental changes to how it handles people’s personal data within its direct marketing services, or risk further action.
The ICO says that two key failings were that the privacy information did not clearly explain what they were doing with people’s data, and that they were using certain lawful bases incorrectly.
You can read the full ICO ruling here but every organisation needs to clearly explain what they are doing with the personal information they collect, and ensure they are using the correct lawful bases for processing.
A data protection review is the ideal way of checking that you can demonstrate compliance with these things, and much more so why not find out more? It’s a key part of what we do, helping you to stay and as well as delivering more impact.