The Experian Enforcement Notice Case


In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we consider the Experian enforcement action. Recently, the UK Data Protection Authority, the Information Commissioner’s Office (ICO), slapped Experian with an enforcement notice requiring the company to make major changes to how it processes personal data in its UK marketing services business. The main themes in the investigation, which targeted various players in the credit referencing industry, centered on “invisible processing”, “over processing”, providing insufficiently clear privacy information and using certain lawful bases incorrectly for processing people’s data. Some of the highlights are:

  1. Background to the case.
  2. Why did the other credit rating agencies agree to the ICO terms?
  3. This matter is about the Enforcement Notice and not fines and penalties.
  4. Why is transparency essential in data processing?
  5. How does big data make all this more difficult?
  6. What are ‘legitimate interests’?

Check out the Cordery Compliance, client alert on the Experience matter, click here. For more information on Cordery Compliance, go their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.

Leave a Reply

Your email address will not be published. Required fields are marked *