In October 2020, the ICO (Information Commissioner’s Office) released a report detailing multiple GDPR (General Data Protection Regulation) failings by CRAs (credit reference agencies).
In this guide, we explain the ICO’s key findings and detail the practical implications for organisations in the data broking industry, many of which source data from the CRAs.
The guide covers:
- An overview of the investigation;
- The ICO’s six key findings, our interpretation and potential impact for data brokers
- Article 14
- Purpose limitation
- Legitimate interests
- Legal basis
- Summary and advice for data brokers.