The referendum campaign Leave.EU and Eldon Insurance Group were announced to receive GDPR fines for a total of £120,000. This decision was presented by ICO due to unlawful electronic marketing actions. Furthermore, companies are being investigated on complying with other laws on data protection.
Mentioned organizations worked closely together and failed to separate the personal data of political subscribers and insurance customers. Leave.EU sent 300,000 political messages to Eldon Insurance customers. Meanwhile, Eldon Insurance sent emails to more than 1 million of Leave.EU subscribers through two illegal marketing campaigns.
ICO will review data protection practices and data processing activities of both companies. Also, the policies and procedures that are in place regarding staff training. Employees and DPOs of both companies will be interviewed.
Learning TIP: GDPR requires companies to keep the records of data processing activities. It is crucial when providing evidence, that adequate data protection practices are followed. Regular trainings should take place regularly to inform employees about data protection regulations and requirements.