Search

How can we help?

Icon

Company fined £80,000 for selling personal data without owners’ consent

  • 24 November 2017
  • Privacy and Data Protection

The ICO has fined data brokering company Verso Group (UK) Ltd £80,000 for a serious and deliberate contravention of the Data Protection Act 1998 (DPA).

An ICO investigation found that the company had supplied personal data to two other companies who then used the data for telemarketing purposes (including nuisance calls). Verso failed to ensure it had appropriate consents from the data subjects to forward their personal data on in this way.

In determining the amount of the fine, the ICO considered:

  • The contravention involved large volumes of personal data and data subjects;
  • Verso’s contraventions were systemic, deliberate and not isolated or one-off;
  • These contraventions occurred over a period of years; and
  • Verso’s conduct during the investigation was found to be “unhelpful and obstructive.”

An ICO investigation found that the company had supplied personal data to two other companies who then used the data for telemarketing purposes (including nuisance calls).

Organisations should keep in mind that the GDPR is replacing the DPA in May 2018, and under the new law consent will be even harder to obtain as a basis to process data.

The GDPR places an even greater focus on organisations being transparent on information being provided to individuals before their data is processed. The ICO’s findings and sanction also emphasise the importance of assisting the ICO in any investigations they carry out.

Disclaimer
This information is for guidance purposes only and should not be regarded as a substitute for taking legal advice. Please refer to the full General Notices on our website.

Author profile

Get in touch

+44 118 958 5321

About this article

  • Subject
    Company fined £80,000 for selling personal data without owners’ consent
  • Author
  • Expertise
    Privacy and Data Protection
  • Published
    24 November 2017

Read, listen and watch our latest insights

Pub
  • 16 March 2026
  • Corporate and M&A

Shareholder Disputes: Managing Shareholder Buyouts and Exits – Episode 3

Join Stuart Mullins and Nicky Goringe Larkin for the third and final episode of our Shareholder Disputes series, where we move from prevention to resolution—exploring what happens when a founder’s exit becomes unavoidable.
art
  • 13 March 2026
  • Employment

When Immigration compliance becomes discrimination: The UK’s uncomfortable workplace balance

UK employers today operate under powerful, and some may say conflicting, legal pressures. On one hand, they must prevent illegal working under UK immigration laws.
art
  • 09 March 2026
  • Commercial Real Estate

Commercial Rent Deposits – A brief overview

A rent deposit is money provided by a tenant to its landlord as security for payment of the rent and performance of the tenant’s covenants contained in the lease.

art
  • 03 March 2026
  • Employment

International Women’s Day 2026 – Supporting equality and inclusion for a better, happier workforce

This year, International Women’s Day is inviting everyone to think differently about equality and how it can benefit everyone. The theme this year is ‘Give to Gain’.

art
  • 02 March 2026
  • Employment

10 facts an employer should know about holding personal data

Personal data is any information that can be used to identify an employee.

art
  • 27 February 2026
  • Litigation and dispute resolution

How (not!) to serve a winding up petition on a company using a default address

This case concerned an appeal by DG Resources Ltd (“DG”) on the basis that a winding up petition brought by HMRC (the “Petition”) was invalidly served.

See More