Search

How can we help?

Icon

Company fined £80,000 for selling personal data without owners’ consent

  • 24 November 2017
  • Privacy and Data Protection

The ICO has fined data brokering company Verso Group (UK) Ltd £80,000 for a serious and deliberate contravention of the Data Protection Act 1998 (DPA).

An ICO investigation found that the company had supplied personal data to two other companies who then used the data for telemarketing purposes (including nuisance calls). Verso failed to ensure it had appropriate consents from the data subjects to forward their personal data on in this way.

In determining the amount of the fine, the ICO considered:

  • The contravention involved large volumes of personal data and data subjects;
  • Verso’s contraventions were systemic, deliberate and not isolated or one-off;
  • These contraventions occurred over a period of years; and
  • Verso’s conduct during the investigation was found to be “unhelpful and obstructive.”

An ICO investigation found that the company had supplied personal data to two other companies who then used the data for telemarketing purposes (including nuisance calls).

Organisations should keep in mind that the GDPR is replacing the DPA in May 2018, and under the new law consent will be even harder to obtain as a basis to process data.

The GDPR places an even greater focus on organisations being transparent on information being provided to individuals before their data is processed. The ICO’s findings and sanction also emphasise the importance of assisting the ICO in any investigations they carry out.

Disclaimer
This information is for guidance purposes only and should not be regarded as a substitute for taking legal advice. Please refer to the full General Notices on our website.

Author profile

Get in touch

+44 118 958 5321

About this article

  • Subject
    Company fined £80,000 for selling personal data without owners’ consent
  • Author
  • Expertise
    Privacy and Data Protection
  • Published
    24 November 2017

Read, listen and watch our latest insights

Pub
  • 08 January 2026
  • Privacy and Data Protection

Data Protection Audits: Launch Event

Join us for a breakfast networking session on Thursday 26th February 2026 as we officially launch our Data Protection Audit services.
art
  • 08 January 2026
  • Privacy and Data Protection

Data Protection – what’s happened in 2025?

2025 has been a lively year for the data protection sphere, with the main talking point coming from the UK’s data reform Bill finally receiving Royal Assent on 19 June 2025.
art
  • 07 January 2026
  • Commercial Real Estate

Real Estate: update and 2026 expectations

The previous year has been an eventful one for the commercial property sector.
art
  • 06 January 2026
  • Commercial Real Estate

FAQ – Buying a commercial property in England and Wales

If you want to invest in the commercial property market in England and Wales (the two countries share the same jurisdiction), it is important to understand that the process differs significantly from buying a property in France.

art
  • 05 January 2026
  • Immigration

UK Immigration changes in 2025: What to expect in 2026

This wrap-up brings together the key developments from across the year, highlighting what has changed, what is still evolving, and what organisations should be planning for as we move into 2026.
Pub
  • 01 January 2026
  • Public Procurement

Procurement Challenges under the Procurement Act 2023

Taking prompt advice is essential as unsuccessful bidders have just ten days within which to issue court proceedings if they want to benefit from the automatic suspension provided for in the Regulations, which prevents the contracting authority from awarding the contract to anyone else.
See More