This might also interest you...

ICO's First GDPR Enforcement Notice

10 Oct 2018


AggregateIQ (AIQ) is the first company facing a potential fine by the Information Commissioner's Office (ICO) for non-compliance with the General Data Protection Regulation (GDPR).


An enforcement notice was sent to AIQ in July which mandated that the firm must stop processing the personal data of UK or EU citizens obtained from political groups, or face a heavy financial penalty. Although the enforcement notice was issued two months ago, it only emerged publicly in the last few days. AIQ has chosen to appeal this notice.


Unlawful Processing


According to Cambridge Analytica whistle-blower Chris Whylie, AIQ used data obtained by Cambridge Analytica to build an app that targeted Republican voters in the 2016 US election.


It ran a similar campaign during the Brexit Referendum where it was paid £2.7m by the Vote Leave and BeLeave campaigns and reportedly was involved in political actions in Northern Ireland.


The company is denying any involvement with Cambridge Analytica and Facebook, saying its processes of collecting data are completely transparent.




The Canadian company was given 30 days to audit its processes before the ICO fined the firm up to £17 million, or 4% of the company's annual global turnover, whichever is higher. However, this timetable is suspended pending an appeal being heard.


The GDPR forms part of the data protection regime in the UK, together with the new Data Protection Act 2018 (DPA 2018). If you are a data processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. 


The ICO has extensive enforcement powers, which range from requiring undertakings to enforcement notices and from monetary penalties to prosecution through the criminal courts.


The Regulation Unit at Short Richardson and Forth achieve excellent results in defending clients subject to the ICO's enforcement procedures and have the expertise to advice from the outset. If you require our assistance please do not hesitate to contact our Head of Regulation – Andrew Swan at or on 0191 2111503.

Share on Facebook
Share on Twitter
Please reload

Please reload

  • FB
  • Twitter
  • LinkedIn
  • Youtube

Short Richardson & Forth, 4 Mosley Street, Newcastle upon Tyne, NE1 1DE

Tel: +44 (0)191 232 0283  ·  Email:


Short Richardson and Forth Solicitors Limited is a private limited company registered in England and Wales under company number 10572065, authorised and regulated by the Solicitors Regulation Authority No 637150.

Short Richardson and Forth Solicitors Limited is a private limited company constituted and run in accordance with the provisions of the Companies Act 2006. The term “partner” has been used to denote individual senior solicitors employed by Short Richardson and Forth Solicitors Limited.