The U.K.’s data protection watchdog, the Information Office, has issued the U.K.’s first formal notice about a data privacy breach under the European Union GDPR legislation with came into force this year (served under section 149 of DPA18). The company, which is said to have committed significant breach, is the Canadian company AggregateIQ, based in Victoria, British Columbia.
AggregateIQ “integrates, obtains, and normalizes data from disparate sources”. During the Brexit campaign, £3.5 million($4.5 million) was spent with AggregateIQ by four pro-Brexit campaigning groups, Vote Leave, BeLeave, Veterans for Britain, and Northern Ireland’s Democratic Unionist Party. This are predominantly politically right-of-center groups.
On 20 September 2018, AggregateIQ was served a formal notice by the Information Commissioner’s Office for breaching the European Union’s General Data Protection Regulation. The company has launched an appeal against the notice, according to the BBC.
The general points of The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) were assessed in the Digital Journal article “European business needs to get smart about data protection.” The legislation seeks to strengthen and unify data protection for individuals living in each member state of the European Union. The rules will also apply to any personal data exported from within the European Union to a country outside of the European Union.
With the new action, the Information Commissioner’s Office has said while the data of concern was gathered before May 25, 2018, when the GDPR regulations came into effect, the government agency is concerned about the “continued retention and processing” of data after that date.