Ever more frequently organisations are buying lists for marketing purposes from data brokers without taking necessary data protection-related precautions. This is an extremely risky practice.  As the Information Commissioner's Office points out in it’s recent “Investigation into the use of data analytics in political campaigns Investigation update” report - (see pages 14-15) - organisations must exercise extreme caution and be sure that relevant due diligence activities are carried out, that adequate checks have been made concerning the collection of the necessary, lawful, and demonstrable consent of the data subjects, and that the data is processed in a fair manner.