Experts: ICO apology to ex-CEO does not absolve NatWest of GDPR liability
In a rare move, the U.K.’s data regulator clarified former NatWest Chief Executive Alison Rose did not breach the General Data Protection Regulation (GDPR) when she briefed a journalist about the bank’s decision to ax the account of right-wing commentator Nigel Farage.
On Nov. 6, the Information Commissioner’s Office (ICO) issued a public apology to Rose for inferring she breached the GDPR for releasing details about Farage’s accounts and that she—rather than NatWest—was under investigation for it.
Organizations that control personal data are generally the subject of data protection law. As such, NatWest—not Rose—is the “data controller” and therefore subject to ICO oversight.