UK’s ICO takes enforcement action against Experian after GDPR violations

The UK’s Information Commissioner’s Office (ICO) has ordered the credit reference agency Experian Limited to make fundamental changes to how it handles personal data within its direct marketing services.The enforcement notice follows a two-year investigation by the ICO into how Experian, Equifax and TransUnion used personal data within their data broking businesses for direct marketing purposes. A complaint from the campaign group Privacy International to the ICO also raised concerns about the data broking industry, specifically Equifax and Experian. The ICO found that significant ‘invisible’ processing took place, likely affecting millions of adults in the UK, as signaled by a recent ICO report into data protection compliance in the direct marketing data broking sector.