  1. Hi all, I have submitted a GDPR request to Cabot for an old credit card debt which I was paying of as part of a DMP I had until a couple of years ago (and stopped paying as I did ask for the CCA and cabot did not comply). Cabot provided all the information they “had”. They provided (as part of the GDPR the CCA ) however there is no mention or any confirmation that the debt was passed on to them or any correspondence made by them that they now owned my debt (i.e from the previous company, initially Egg, then “according to the notes I could find from Cabot “ idem but absolutely no mention of any communication of either purchasing the debt or correspondence made to me notifying that they were the “rightful” owner” … .not sure if the above makes sense .. I was under the impression that a Debt management company had to prove that they actually owned the “debt” and had to ensure the debtor was notified IF the debt was sold or no? Also it seems that several letters which I have received were not attached to the “GDPR” documentation (thought again they had to provide a copy of any correspondence sent?)
  2. Recently, DWP paid me 7,000.00 backdated payments for sickness / ESA claims as a result of numerous complaints made about 3 work capability assessments, each of which having a medical report made by a nurse which omitted information. 2 of the work capability assessments were recorded. The oral recordings of the assessment differed from the medical notes made by the nurse, this has been shown on 2 occasions when comparing the oral recording with that of the medical report. Pointing this out to DWP - I was ignored for several years, complaints being answered but nothing being done in respect of the complaints. To have a 7 thousand pound payment years after may seem great - reality is that it is all used to pay debts to family who supported me during the time DWP refused to. My data request is for a copy of a report made by a Dr. [redacted] who conducted both investigations into my last 2 work capability assessments. This doctor could not find anything wrong with either of my work capability assessments between that of the actual recording and that of the written medical report. Whereas, other medical professionals have noted several elements whereby the assessments are unfit for purpose. DWP refused to give me this data surrounding the doctor's investigation previously despite my many reminders. Again, in my latest assessment, DWP are refusing to give me this data. The data request was late (it needed reminding). Not only was it late, it did not contain any of the information I had asked for. I had asked for specific information surrounding the 2 investigations made by Dr. [redacted], this should have been 10 pages at the very most. What resulted was at least 3,000 pages (some duplicates) of the entirety of my comlpaints with DWP... In addition to someone elses name and national insurance number (totally unrelated to me) in amongst the data. I wish for specific data surrounding the doctor's investigation. I have an N1 court claim form - are there any templates I can use to make a claim under GDPR forcing DWP to comply with my request? --- The request is for data to aid in other complaints and essentially show that the assessment is unfit for purpose and even when complaining about it, a Doctor answers complaint saying everything is fine - when it is not.
  3. Hi, I have an ebay and paypal account which are both blocked and can no longer be unblocked. I have requested for both accounts to be deactivated and my details removed as i can still login to both accounts. Both ebay and paypal have stated they cannot remove my details or deactivate the accounts, but the accounts are blocked and i cannot use them. I was just looking to see if anyone has any advice for me in regards to whether the above is correct from ebay and paypal?
  4. GDPR, In 2018 I sent a request for CCA/Prove it letter to Idem they never replied or sent the info back. However they kept sending letters/calling to contact them etc, duly ignored as the CCA request was not fulfilled. About 10 weeks ago they sent a letter stating that as they could not get hold of me they decided to pass ALL my details to a company called “callresolve”. After 5 weeks I received a letter from callresolve stating that my details were passed on to them by Idem and that they will send someone over. About 2 weeks ago a lovely (sarcasm!) gent arrived at the house, all with a long black coat (not making this one up I swear) and a lovely badge from “Callresolve” anyhow, as he did not look like your average postman, I asked what he wanted. He said before he could tell me he had to “confirm” my details… I said “ah ok that would be good” and he started “if I could confirm the address” (yes that was right on the front door), I looked at the house number and pointed out at the street sign outside…. He said it was process, then (and this is where it gets quite interesting) he asked for my Date of Birth (to which I replied , I had one and I was happy with it). Anyway at that point I also added that he could “Jog on” and to ensure his coat would not get stuck on the porch. The question is, as Idem ignored any “prove it letter” or even CCA and without my authorization they passed on my private details to a third party. Are they in breach of GDPR guidance. As I thought under the new regulation ALL information can only be passed to third parties with someone’s explicit agreement (I never gave that agreement to Idem. I also got rather annoyed and called Idem, told them that I was still awaiting for the CCA and prove of debt (i.e deed) they said they were not obliged (rightly so I believe, ) to send me the deed of assignment however I asked them if they could confirm and send the confirmation of when they told me of their “Ownership” of the debt, they stated as it was sent in 2009 they did not have a copy (?) Could someone confirm what information I could ask for and if anything else I should be weary of? Idem seem to have got hold of a phone number which I seldom use, and also an email address which I used to set up a DMP years ago (but was still going on last year but NOT for Idem)….are they under obligation to let me know how they got hold of my data and who provided to them? Is there a template for GDPR ? and also what is the process to lodge a complain and to whom? The ICO (from what I can read, would limit itself to “remind” Idem to comply with requirements) Hope the above makes sense!
  5. bit long winded this one, sorry folks. I had been working for an outsourced company in a well known bank. Whilst in training I received strange emails from the trainer. This was following from a conversation in training were I asked a question. He explained (in answer to my question) it was in relation to couples who had a joint account and subsequently split. He said “say you and I were in a relationship”. Three days later I’ve seen he’s gone into my email and sent himself an email from my account/computer “that joint account we were talking about, do you fancy it? Can we get back together” (paraphrased, I have a copy) One of my colleagues saw this email and told me to take a copy to “protect yourself, that's really bizzare”. I replied to him saying “he’ll nah” thinking nip that right now! he’s then ran into the class in front of everyone and said “not up for it no” then left the class. From that moment on every single word that came out of my mouth he seemed to take offence to. Everything. Even just hello. The end result being I chose to just sit in silence in the corner, segregate myself from everyone else, keep myself to myself and not speak to anyone. I did speak to the manager about it and she told me “I get on with him so..” and that was that. Once he told off a member of staff for coming in hung over. Fair enough. However, the next day he’s come in hungover himself and stated “I’m hungover I can’t be (expletive) training you today”. On another occasion I had a difficult call and he grabbed a team leader, they then proceeded to stand watching, laughing at me. On another occasion during “coaching” he took my entire group out for a smoke I “wasn’t allowed until she asks me herself”. i stated "I'm not engaging in that power game, sorry" I was then left sat alone completely ostracised whilst they all went out for a smoke. It later came to me that during this he’d called me a “bitch” I then spoke to his manager who agreed I had a legitimate complaint “but she’s off today so” and that was the end of that. We’ve then gone onto the floor and continued training. We were told we would receive multiple one 2 one coaching. This happened once. When these coaching sessions had been booked onto our schedules we’d be left sitting around doing nothing for hours. the manager told us “the training we said were giving You’re not getting it , I don’t have time”. On the one occasion I did receive coaching I had a call fail for following incorrect procedure. I explained I remembered the call and put my hand up and did what the trainer told me to do. I still failed. This happened multiple times with different members of staff.The end result was hoards of new staff(and old seemingly) on the phones not knowing what their doing (and saying it). I witnessed several regulatory breaches at all levels of staff.. I am PTSD (undeclared, following on from being stalked for two years by a colleague, sexually assaulted and suicide attempts..) and found this exacerbated symptoms. I didn’t declare PTSD to the employer however i did state to trainers the lack of appropriate training was causing severe anxiety attacks. Nothing changed. During my time on the floor training it was agreed that mine would be extended for another week. I was entirely happy with this and expressed the fact that I was going to ask anyway. A few days later I’m told oh no that’s not happening now your going live Monday. I had zero input in this. Decisions are being made around my development with zero input from myself. I stated to them outright "I don’t know what I’m doing!!!" So I’m making my way to work Monday 24th December and had a panic attack in the street. I’ve not had panic attacks for 6 months. I just went home and txt the recruitment number “it’s not for me”. This was a clear resignation with immediate effect. Training group; Bullying was rife amongst this group. One in particular would talk about everyone when they were not around in a derogatory manner. According to this individual several members of staff are “sociopaths”. She would mock me to my face around my degree “shut up about it”. I suspect jealously because we did the same degree and I did better. This individual would relentlessly pick on someone in the group (who had an obvious mental disability of some sort, autism or something I wasn't rally sure). He’d speak in class and this individual would mutter “shut up” he’d sit next to us and she would intentionally and deliberately move away from him then stand around giving dirty looks. He picked up on it because he came and spoke to me he told me it was “making me sad”. I could give many many many many more examples of this persons behaviour. Another individual, the self confessed personality disordered individual(bpd). She started spreading rumours about me and a trainer. I was "into him" apparently, I wasn't. Rumours that were entirely baseless, again. She can deny deny deny but her “friend” told me And I heard her talking about it with my own ears. When I would sit next to the group she would intentionally move away and I’d hear her talking about me. On another occasion this individual was making £5 bets on “who would cry first” this is so nasty I have no words. One of the trainers said to a colleague “I come in here and play with my phones then I go home and play with my girlfriend..” hes 55 shes 19...bleughhhhhhhhh Another time this trainer was ‘helping’ me I got something correct myself and said ‘was I right,yeah?’ He said ‘had to happen sometime didn’t it..”. Bullying. This particular trainer got "barred" from being around trainees because of multiple complaints around his behaviour. Wages; During the 24/12/18 and 7/1/19 I received no communication whatsoever from the employer. I have then emailed on the 7th jan asking for confirmation of what my final wage will be. The response was; “Hi x, Your final pay will be 28th Jan due to your leave date. You will received payment on Monday 14th with any hours worked up till 6th Jan then on 28th you will received any remaining hours due and leaver Annual leave. Thanks x Executive – Compensation and Benefits” I have then received a payslip which just states states “zero”. no deductions nada, just blank. I’ve queried this stating, as per your own timescales I left on the 24th and therefore should receive 1 week outstanding wages and outstanding holiday pay on the 14th jan NOT the 28th as per your own email. At this point someone should have joined the dots that something had gone wrong, they didn’t. They then proceeded to IGNORE subsequent emails and failed to respond or amend my pay. I have then received emails a supposed HR senior: “Hi x, I requested the details from our team and they confirmed an AWOL letter – request to contact was sent to your address and email as attached both on 27th December. As they failed to hear from you it proceeded then to a disciplinary on 7th January again the invite dated 3rd January 2019 was sent to the address we have on file. This meeting went ahead in your absence and was held by x and x. An outcome letter was then sent to you via post which I am happy to hear an appeal should you wish to send through. Can you send me this evidence of your resignation so I can review ( I sent this twice one week prior fyi)? If not, can you confirm who you sent this to and to whom did you resign on the 24th? This resignation had not been cascaded to the team and thus your leave date being 7th Jan via dismissal due to AWOL. If you have evidence of sending your resignation then I can deal with the appropriate person as this has clearly caused a number of issues none more so than your final payment date being pushed back to the 28th January. Regarding names, that’s fine although this can limit our investigations which will be carried out by the training manager when on site in x next week. In regards to your pay & any outstanding monies owed by the company: Ø You will be paid firstly for hours worked from 23rd Dec – 6th Jan on 14th January 2019. Ø Your final pay will then be on the 28th Jan which as both x and x from our Payroll Dept. has advised will include any outstanding hours and unused AL." None of these communications were received by myself. I have then received a call from someone on the floor stating there has been a “GDPR breach”. In that all the wages are incorrect and members of staff have other people’s personal information contained in their own payslips. I was also told they were “wiping the system clean and in putting everyone’s data again. No one from x informed me of a data breach. I have then received copies of the email/letters x claim to have sent me. The email has gone to an address that isn’t mine. The letter has gone to a postcode that isn’t mine. The letters contained within are marked “private and confidential” and contain private personal HR information. This is causing distress. in that I have not left my home for days, I'm trying to secure accounts, I cant eat, I have not slept, days later I have not received a single response from the employer regarding the breach. I am losing my mind. I have been paid zero. Recently I noticed my mobile number has ben used to sign up for shortcode txts. i didn't do this. I DO NOT give my number out. ONLY for work. I believe the two are related. I pointed out this breach to x on the 11/1/19 they seemingly hadn't noticed, it is now 14/1/19 and I have received not one single response from them. I believe they have not noticed this breach, it was me! I have spoken with the ICO who tell me the breach (ive filled in the personal breach report form myself) hasn’t been reported (yet) I believe the 72 hour time limit is breached-the letter sent out was dated 27th December 18. So I have been unfairly dismissed based on data that wasn’t received and has breached my personal data! I also have not been paid a single penny today on my wages. Nothing. I am now unable to make rent and again exacerbates symptoms of PTSD. I also didn’t receive a copy of the contract, despite asking. what can I do here?
  6. Hopefully I have posted this in the correct forum. I had reason to ask a vet i visited last week to send my pets history to another vet, which they did straight away. Today I went to the second vet to ask if I could have a copy of history they had received but they refused saying it was the property of the first vet and that I needed to contact them. I did this but they also refused saying it was something they had never done before. I mention lodging an SAR but they said all they would supply then would be the information they held on me personally such as my name and address and any payments I had made but nothing concerning my pet that they had examined. Although half of me can see the logic in this I wonder whether they are correct. I am not after causing either of the vets any trouble but wanted to see exactly what had been recorded regarding my pets condition. Any help would be greatly appreciated. Thank you.
  7. Would a car parking company be in breach of GDPR if they passed over your details (as a registered keeper) to a debt collection agency, since the driver was the one who entered into the contract allowing them to do so, and not the registered keeper? Just a thought.
  8. Hi sorry but I am not allowed to post in Data protection so team please transfer anywhere you feel appropriate. My question: My father is currently in hospital with Alhzeimer… been there six months and been assessed as eligible for full NHS funding... but the team who find care homes are messing [changed - dx] us about I think because of the costs involved (they are not allowed to do that). I have power of attorney on financial matters... I need to fully understand why they are stalling... can I issue a GDPR on behalf of my father iven my Power of Attorney?? ANY help is appreciated thanks
  9. My mother has a phone contract with Vodafone, she's nearly at the end of the agreement and she would like to cancel it as she has no interest entering into another. She called them to cancel and to pay off any remaining amounts, however they cannot access her account because the main account holders name has been changed, nobody knows anything about this, the name in question is an Arabic name that nobody can pronounce for a start. Vodafone have essentially been useless and unhelpful, we're concerned that her personal data has been compromised, surely this is a breach of the General Data Protection Regulations? Not only has someone accessed her account, they've changed the name on it. Vodafone are still collecting her direct debits and recording her payment history with the credit reference agencies, yet she cannot cancel as per the terms of her agreement.
  10. Hi guys These recent experiences may be helpful. I submitted an email GDPR SAR request to Cabot based on CAG guidence regarding a threat with menace that is statute barred. I received an automated email the next day requesting name, rank, number, D.O.B. etc within two months (I kid you not). Two weeks later I receive a template postal reponse relying on Article 6 of the Regulation and a lawful base for processing personal data. Helpfully, Cabot confirmed that they were now the Data Controller and that they had received my SAR request (which is now some 28 days ago). Whilst my balls are not crystal... you can read the rest. " Dear Sir I note your mailed letter dated xx August 2018 purporting Cabot Reference xxxx7666 (Corbyn might call this a lack of an English sense of irony). I thank you for confirming that you are now the Data Controller. I thank you for confirming receipt of my Subject Access Request of xxth July 2018 and your 'relevant team's' response of xxth July 2018. You will be conscious that, under the new GDPR regime, you have one month from its inception to comply with my GDPR 2018 Subject Access Request. " On a different, yet related note, I received a letter before action (based on the new pre-action-protocol) from Robbers Way on an Egg account that is statute barred and submitted the advised CAG response. I have the standard response; account on hold blah-di-blah. These two CAG advices that I deployed might be usefully signposted as powerful tactical weapons. Love vic x
  11. Thought id challenge the processing of my personal data by a former employer in relation to my banking data, death-in-service beneficiaries and emergency contact details (wife and son's personal data). I left the company in June 2016. The ICO's public guidance is that the aforestated data should be deleted once the employee leaves the company. The ICO has just made a decision that is contrary to the public guidance??? the decision states companies can process the data for seven years. This is bizarre - either the public guidance requires amending or the ICO decision in my case is plainly wrong. What chance has joe public got??????? Below is the ICO's public guidance. Example An employer should review the personal data it holds about an employee when they leave the organisation’s employment. It will need to retain enough data to enable the organisation to deal with, for example, providing references or pension arrangements. However, it should delete personal data that it is unlikely to need again from its records – such as the employee’s emergency contact details, previous addresses, or death-in-service beneficiary details.
  12. Is the new GDPR SAR template suitable for a medical records request from a GP without any specific alterations? Thanks.
  13. Hello, I sent an SAR to a company, they have only partly responded with bits of data, much has been withheld. I have sent a further letter stating that they have not complied fully with the SAR and that if i don't receive the remaining items, then I will proceed to complain to the ICO and take it to court. My question is, do i complain to the ICO first and then go to court for nominal damages, or do I make a court claim first, then send my complaint with the judgement to the ICO? Thanks.
  14. HSBC UK have not complied with my Data Subject Access Request (SAR), submitted under the new General Data Protection Regulation (GDPR). The DSAR was requested on 16/06/2018 and should have been disclosed by 17/07/2018. 16/06/2018 - Request sent to HSBC UK for DSAR under new GDPR 18/06/2018 - Acknowledgement email received from HSBC UK Customer Care Team 22/06/2018 - Acknowledgement letter received from HSBC UK Data Protection Office 17/07/2018 - Data not received, so contacted HSBC UK who stated that they were not aware of this request and have not even started to gather data for the disclosure 17/07/2018 - Internal complaint made to HSBC UK Customer Complaints Team 18/07/2018 - Complaint made to Data Protection Office and Letter Before Action sent to HSBC UK. Telephoned Data Protection Office and confirmed that they have received both email and LBA. When asked for timescales in relation to compliance for my DSAR, a team manager has advised they don't know and cannot give any timescales. I have made them aware I will be reporting the non-compliance to the ICO, but they didn't seem at all bothered. 18/07/2018 - Information Compliant Handling Form submitted to ICO 18/07/2018 - Complaint acknowledgement received from ICO Next steps: Now waiting for the Data Protection Office to make contact with me to progress DSAR and also waiting for HSBC UK complaints team to pick up the complaint. No doubt this will be towards the end of the 8 FCA timescales! Also, waiting to see if HSBC UK will comply within the 5 working days afforded to them in my LBA. I very much doubt they will, due to the large amount of data they will need to gather, redact and securely send on to me. Will potentially need to look at submission of a POC for a County Court claim if not. Submitting a GDPR POC is unchartered territory for me, so if it comes to that point, could really do with some help. Hints/Tips: Some may already be aware of this, but I was not. None of the calls received at the HSBC UK Data Protection Office are recorded. So when I asked for copies of all recordings to their department, they advised me of the above. Also, HSBC UK Data Protection Office don't advertise or easily give up there email address. So if you do need to email that team, you can do so here roi.poc.fulfilment@hsbc.com. It definitely works, as I have emailed them my LBA and complaint letter and they have received it the next day.
  15. I applied for a Subject Access Request to Barclays. Roll on 40 calendar days* Barclays send me two packages via courier. One of them had bank statements and letters belonging to a Nigerian businessman. Some letters were about freezing his accounts due to a court injunction/restraining order, unfreezing it after the court discharged the restraining order, and eventually the accounts being closed by Barclays a few days later. (See redacted documents attached) The statements cover a two year period at least. There was also a letter about a children's Instant Saver Account. (see attached) Account numbers, sort code, address, all transactions on his account...the lot. Pretty shocking how reckless Barclays have been with his data. The worst part is, Barclays say in their GDRP letter sent to us: 'Barclays is committed to protecting your personal data..". Does anyone know if I should complain to the ICO or is it Barclays? It used to be ICO. This may have changed after GDPR came in to play. * - I applied before GDPR came in to force, so deadline was 40 days not 30 as it is now. Barclays-Mr-X-Accounts-Closed.pdf Barclays-Mr-X-Unfreeze-Accounts.pdf Barclays-Mr-X-Restraining-Order-Freeze-Accounts.pdf Barclays-Mr-X-Child-Saver.pdf
  16. Not sure if this is the correct forum,but it's the only 1 closest to my query, it involves an employee. Last week when England knocked out Colombia, there were fans congregating in a town center , blocking the road, and 2 buses were blocked in. Several dozen fans were converging on one of the buses which was immediately outside the pub., rocking it, opening the entrance doors via the outside emergency door button. The driver attempted 3 or 4 times to gently shove a few fans off. 1 fan actually got onto the roof and was jumping on the roof. A harrowing experience for the several passengers on board, some of whom were young women. All the time this was happening, someone was filming the incident. All of a sudden, the video clip is on Youtube. The driver concerned is angry that this video clip is on youtube , uploaded by a local taxi firm. The driver never gave his permission for the video clip to be uploaded or for the drivers face to be shown. The taxi firm did not ask the bus company if they could upload it either. Not only was it embarrassing for the driver at the time of the incident, but it was also a shock for him when he saw the video clip on Youtube, which has gone viral, and has had over 66,000 hits. The bus driver asked me if there is a breach of the Data Protection Act 2018, and/or a breach of the GDPR. As I am not clued up much on both, I cannot give a positive answer So, any help and advice would be greatly appreciated. I will print it off and give it to the employee.
  17. Hello About 3 years ago I had an issue with my pension provider and as a result placed an SAR with them, however they employed delay tactics and required various forms and ID documents to be completed. I know I should have done but never pursued the request. However under the new GDPR I submitted another SAR on the 30 May, recorded mail and signed for by them. They never acknowledged my request and never acknowledged a reminder I sent to them. Needless to say they have not complied. I intend to issue a claim in the County Court as well as reporting them to the ICO. I have issued a LBA informing them I will start proceedings after the 14 days of the date of my LBA and at the same time report them to the ICO. Question is, what will be the nature of the claim, I am not after the £'s, I just want the breach against them to be recorded and I want my personal data from them. Also should I report them to the ICO before pursuing a Court claim?
  18. Well fellow caggers it seams like lending stream are taking no notice of the new GDPR regs I applied for a SAR on 25 May and have just spoken to them to find out where it is as I have no comms from the part from their acknowledgement They have informed me that because it has been sold to Lantern that they need some more time to get the required information. I have informed them that I shall be reporting them to the ICO for failure to comply. Has anyone got the link to the letter I need to send to the ICO I can't seem to find it now
  19. Having some issues with O2 as of March this year as they have decided to link 2 accounts for another person with the same name and DOB as myself, however this other person has a middle name and i do not. I do not have any accounts with O2. 18/3/18 Received letter stating i was in breach of contract for not paying my O2 bill. 22/3/18 Received letter telling me they had stopped me making calls and texts. 23/3/18 Checked call credit report and O2 had already linked my address with the debtors in Janurary 18 and had both accounts listed. 23/3/18 Emailed call credit stating the incorrect information. 2/4/18 Received letter from O2 telling me they had disconnected my phone. 7/4/18 Requested credit report from Experian. 20/4/18 received letter from call credit stating that O2 had not bothered to respond to them, and are unable to amend the entries to my credit file without the permission of O2. 20/4/18 same letter as above also stating that the disputed entries will be supressed from my credit file, however, O2 can remove the suppression at any time. 21/4/18 complaint letter sent to Experian stating the incorrect accounts and linked addresses. 17/5/18 Received email from Experian telling me O2 had supplied the following details "The link is correct as the account was registered to the disputed address." 1/5/18 Received letter from Experian stating O2 had removed the accounts but not the linked addresses. 1/5/18 Complaint send to ICO about Experian knowingly registering wrong information on there systems even though it had been proved it was not me O2 were looking for. 5/6/18 sent SAR to Experian 5/6/18 SAR sent to O2 8/6/18 Received letter requesting what specific information i wanted from Experian. 11/6/18 Sent Experian an email stating i wanted the information between themselves and O2 to see what had been said about the matter. 11/6/18 Received email back from Experian stating that they had supplied the information the comparison data sets in the additional information i could request. No information regards conversations about themselves and O2. What O2 have done here is add accounts and linked addresses to a serial debtor on my credit report , opening the floodgates for all of these other companies to jump on the bandwagon adding CCJs , Defaults, Late payment accounts to my credit files. They are refusing to remove the wrong data from my Experian report and as stated above have not even replied to call credit about the issue. No reply as yet from the ICO as they are running 8 weeks behind about the Experian complaint. Next steps to take against O2 if anyone has any suggestions, AGAIN O2 are the ones that have opened the floodgates for all of the other comapnies to throw wrongful information onto my credit files without even bothering to do the correct checks. ***Please also note that my Experian credit report in April stated O2 were the source of the linked address, however my credit file in June states Experian are the source of the linked address*** Something funny going on i think. Thanks
  20. Not sure where to post this so will try here. I was expecting a time sensitive document to be sent to me by the 28th of this month and it still hasnt arrived. The company sending it claimed it was printed and posted 1st class on the 29th and therfore they had complied with the requirements to issue document. Now, can I use the GDPR to ask for a copy of the metadata for this document to see if it was indeed sent out in time ( should show date doc created and then printed) as this solely relates to that document and can identify the document as being my data when it is processed so not anonymous or general. If so how should the data be sent as the old DPA stated it should be legible and easily understood or notes of explanation included. Your opinions please
  21. Disclosure and Barring Service - GDPR is here READ MORE HERE: https://www.gov.uk/government/news/gdpr-is-here
  22. Now considering the implications of the new GDPR this response from a well known recruiting agency could hardly be called compliant could it ? surely the default position would be to delete the CV if unsuccessful. If your application is unsuccessful, we will keep your personal data for up to 6 months from the date we notify you of our decision. (Note, we may keep your personal data for longer than 6 months if you have asked us to consider you for future vacancies – see ‘Will we keep your application on file?’ below). There may, however, be circumstances in which it is appropriate for us to keep particular items of your personal data for longer. We will base these decisions on relevant circumstances, taking into account the following criteria: · the amount, nature, and sensitivity of the personal data
  23. I believe that a former employer may have acted unfairly against me whilst I worked there and I'm intending to SAR them to see if there is any evidence of this which I can use. I do not know where the evidence may exist or in what form, whether it is in emails, phone calls (which I know to be recorded and stored) or paper records so I would like to make a SAR for every piece of information they have. I also obviously do not want to disclose the reason for my request and find that the evidence I'm looking for may miraculously disappear. I am uncertain whether it's better to make a SAR in the next couple of days (before GDPR comes in), or wait until next week when GDPR is introduced. Under the present system, AIUI I pay the statutory fee of £10 but I then have an unqualified right to request all information. However, under GDPR the statutory fee is abolished but they will be able to charge a 'reasonable fee' where the request is 'manifestly unfounded'. Is there any guidance as to what a reasonable fee might be (lower/higher/the same as the current statutory fee?), and what qualifies as a 'manifestly unfounded' request - is a general request for all data rather than a targeted request considered 'unfounded' in itself?
  24. If you have any comments, questions, insights or suggestions about the new GDPR regime which comes in force on 25 May, please post them here. New template here
  25. In May 2018 the new General Data Protection Regulation will come into force. This is an EU wide regulation and although the UK will be leaving the EU, these new regulations will be implemented. http://tinyurl.com/zqfmm48 The above linkis from the ICO goes into some detail but it isn't very clear as yet. The one major change to consumers is the removal of the £10 fee although companies can charge for extra searches. I'm not 100% sure that the removal of fees relates to medical records as yet. If the NHS cannot charge the usual £50, that will be a big bonus. http://tinyurl.com/zrg22z4
