I can help with this, or more accurately my wife can who is a compliance manager within insurance. Below is written by her:
Insurers are allowed to pass on your information to third parties if its necessary for the operation of the contract but this list can be extensive as it could include previous insurers, loss adjuster, assessors etc. However they are not allowed to sell you information on as this would be outside of the purpose they are supposed to be using this information for. It is highly unlikely to be the insurance brokers themselves (they are generally too small for it to be worth the risk of doing something which could incur such big fines)
My advice would be to let the ICO know (not the FCA, as the FCA are only interested in whether they are providing adequate advice and misselling etc not how they handle your data, that is definitely an ico job) The ICO have openly admitted that they will have little patience with insurers who don’t play by the new GDPR rules so the more people who report their complaints the more likely they are to Investigate.
If you were feeling particularly dogmatic about it you can make a request for a report on who your information was provided to, this can take up to a month (or more if they have reason to delay your response) but they can’t refuse to do it. It’s within your rights, your right of access.
If it’s a personal number (not a business one) the company called you could add that number to the the TPS report, if you get a call to that number 28 days after you have registered and you know the name of the company that called you You can make a complaint to them, this report also goes to the ICO to contribute to their investigations into companies which have numerous reports.
I know it’s not a quick fix but hopefully it helps.
Edited by Turbo_Verde (03/07/2018 20:30)