In October 2020, the ICO (Information Commissioner’s Office) released a report detailing multiple GDPR (General Data Protection Regulation) failings by CRAs (credit reference agencies).
In this guide, we explain the ICO’s key findings and detail the practical implications for organisations in the data broking industry, many of which source data from the CRAs.
The guide covers the following:
- An overview of the investigation;
- Our interpretation, and the potential impact on data brokers, of the ICO’s six key findings:
- Article 14
- Purpose limitation
- Legitimate interests
- Legal basis
- Summary and advice for data brokers.