UK: Information Commissioner’s Office Issues Enforcement Notice to Data Controller for GDPR Failings

On October 30, 2018, the Information Commissioner’s Office (ICO) released an enforcement notice addressed to AggregateIQ Data Services Ltd (AIQ), in its capacity as a data controller under both the new Data Protection Act 2018 (DPA) and the General Data Protection Regulation (GDPR). The ICO derived its mandate for the issuance of the enforcement notice under Section 150(2) of the DPA.

The notice, dated October 24, 2018, follows another notice served by the ICO to AIQ in July 2018, which is replaced by the present. The reason for the issuance of the notice is mainly concerned with AIQ’s processing of personal data belonging to millions of UK citizens on behalf of political organisations without due legal or ethical consideration of the impacts on the UK’s democratic system.

To continue reading please log in or request a demo to speak to a member of the team.