Regulators warn firms on selling personal data

The FCA, ICO and FSCS have warned regulated firms and insolvency practitioners of the need to be responsible when dealing with personal data.  The regulators have become aware of sales of client data to CMCs either before firms have gone into administration or where it is likely claims will be made to FSCS.

The communication warns firms that terms, conditions and clauses in a standard client agreement are unlikely to constitute sufficient legal consent for sharing data with CMCs for them to market their services, and so those that pass on the data may be breaching the GDPR and DPA 2018, and any subsequent communications from the CMCs by be breaching the Privacy and Electronic Communications Regulations.  Additionally, the CMCs are likely to be breaching their obligations under FCA rules.


Emma Radmore