Close

Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.

×

Status message

Start your free, no obligation 5-day trial to continue exploring with full access.

ICO issues first formal GDPR enforcement action

Jaclyn Jaeger | October 5, 2018

Canadian data analytics firm AggregateIQ Data Services has become the first company to face a formal enforcement action by the U.K. Information Commissioner’s Office for violations of the EU General Data Protection Regulation and the U.K. Data Protection Act.

AggregateIQ Data Services (AIQ) is a controller, as defined by Article 4(7) of the GDPR and Section 6 of the Data Protection Act (DPA). In May 2017, the ICO announced a formal investigation “into the use of data analytics in political campaigning.”

The ICO reached out to AIQ regarding its processing of personal data on behalf of U.K. political organizations—in particular, Vote Leave, BeLeave, Veterans for Britain, and the DUP Vote to Leave. As part of AIQ’s contract with these political organizations, AIQ was provided with personal data, including names and e-mail addresses of U.K. individuals. “This personal data was then used to target individuals with political advertising messages on social media,” ICO said...

Buy this article for $49, or subscribe to Compliance Week for a month at $149 and get unlimited article access for 30 days.