The Financial Conduct Authority (FCA) and Information Commissioner’s Office have warned firms over selling on personal data to claims management companies (CMCs).
The two regulators said they are aware that some FCA-authorised firms and insolvency practitioners (IPs) have attempted to sell clients’ personal data to claims management companies (CMCs) unlawfully.
This can happen either before or after a firm has gone into administration and where it is likely claims for compensation will be made to the Financial Services Compensation Scheme.
They said the terms, conditions and clauses within a standard contract are highly unlikely to constitute sufficient legal consent for personal data to be shared with CMCs to market their services and may not be lawful.
By passing on personal data, companies could be in breach of the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).
The regulators said that CMCs seeking to rely on legitimate interest grounds for processing such data are “highly unlikely to meet the requirements of the GDPR”.
When a firm breaches GDPR, they are liable to be fine €20m or four percent of annual turnover, whichever is higher.