In February 2019, the Information Commissioner imposed a monetary penalty notice against Somerset Bridge Insurance Services Limited (formerly, and at the relevant time, Eldon Insurance Services Limited) in the sum of £60,000 for a breach of the Privacy and Electronic Communications (EC Directive) Regulations 2003. An enforcement notice and assessment notice were also imposed. Somerset Bridge Insurance Services Limited appealed the notices. Following discussions between the parties, Somerset Bridge Insurance Services Limited has, as a pragmatic compromise, agreed to withdraw its appeal against the monetary penalty notice and enforcement notice. Somerset Bridge Insurance Services Limited will pay the penalty sum of £60,000 without admission of liability and has agreed to a consensual audit of its data protection practices. The Information Commissioner has, in turn, agreed to cancel its assessment notice.
In the time since the imposition of the penalty notice in February 2019, Somerset Bridge Services Limited has undergone a number of changes, including a change in ownership and its management team. Somerset Bridge Services Limited has also conducted a review of its data protection compliance, which resulted in the implementation of amended policies and practices, particularly in relation to its marketing activities. The ICO will carry out a consensual audit of Somerset Bridge Insurance Services Limited's direct marketing and general data protection governance structure and processes in the coming months.
Somerset Bridge Insurance Service Limited recognises its duty of cooperation with the ICO and the vital importance of protecting personal information, and is robustly committed to upholding the data protection rights of its customers moving forward.
You can find further information about the background to this case and the ICO’s previous investigation into the use of data analytics for political purposes on the ICO website.
Update – 08 February 2022
The Approved Judgement in a related Court of Appeal case has been handed down. It dismisses an appeal from Leave.EU over a £45,000 penalty and compulsory audit served in February 2019. This dismissal was due to the organisation failing to attend the hearing on 1 February 2022. The ICO was also awarded costs.
Notes to Editors
- The Information Commissioner’s Office (ICO) upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
- The ICO has specific responsibilities set out in the Data Protection Act 2018, the UK General Data Protection Regulation (GDPR), the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.