Deleted
Deleted Member
Posts: 0
|
Post by Deleted on Oct 6, 2018 13:56:41 GMT
Anyone else had cause to try to use, yet? It brings an extra layer of bureaucracy to my industry, but I'll suck that up as I think it's long overdue.
My first attempt to use it is with Dixons Carphone Shitehouse:
- We bought a phone from them years ago, and ended up having to complain because they'd kippered us up with unwanted insurance. Got it sorted eventually, but haven't crossed a DCS threshold since then.
- Got an 'Oops! We lost your data' email at the very end of Aug.
- Wrote to them by recorded almost straight away instructing them to delete our files.
- No reply, so had to do so again a month later.
- Their reply was that they would only do so if we proved that we were who we say we are, by giving them the gold standard ID of passport/driver's licence, plus bank statement/utility bill. Hmm - perfectly happy to entrust an incompetent organisation that I can't abide with that little lot...
- The ICO's website is pretty helpful - ico.org.uk/
And has this to say about requesting ID:
Can we ask an individual for ID?
If you have doubts about the identity of the person making the request you can ask for more information. However, it is important that you only request information that is necessary to confirm who they are. The key to this is proportionality. You should take into account what data you hold, the nature of the data, and what you are using it for.
The ICO seems to agree that their request is disproportionate, and that DCS has no reason to doubt our IDs. It also has no real reason to hold onto data either.
So fuck them. I've written to explain all of this, and told them what they will have on file (our complaint, email address etc) and that they delete our file or the ICO will tell them to do so.
Will be encouraging the in-laws to do something similar, as they wrote to complain to DCS about something and also requested data deletion - DCS completely ignored that part.
If DCS lost any of your data, please, please put the boot in. Same goes for anyone else who plays fast and loose with your personal info...
|
|
|
Post by johnc on Oct 6, 2018 14:33:22 GMT
I think there are a lot of companies who are neither fully aware of their responsibilities nor geared up to deal with the deletion of data. Companies can only retain data if they have a legitimate reason to have it. However for many businesses it is sufficient to retain information for 6 years under tax law requirements if it is an integral part of their accounting records. If the details are only held for marketing then it must be destroyed.
|
|
Deleted
Deleted Member
Posts: 0
|
Post by Deleted on Oct 6, 2018 14:46:09 GMT
My site manager (Housing) created an account with Gritish Bas in my name and without consent, including password. I tried to pay my bills and talk about canceling the agreement to set up an account with a decent payment rate but they refused because, I did not know the password.
ICO believe they have every right to do this and the site manager believes she has the right but being unable to afford a lawyer I cannot do a thing about it. Other than refuse to play ball with them. Numerous notes from GB "Now, Michael, we have told you to activate your online account and you have failed to do so". My response? Get lost.
|
|
|
Post by johnc on Oct 6, 2018 14:57:01 GMT
My site manager (Housing) created an account with Gritish Bas in my name and without consent, including password. I tried to pay my bills and talk about canceling the agreement to set up an account with a decent payment rate but they refused because, I did not know the password. ICO believe they have every right to do this and the site manager believes she has the right but being unable to afford a lawyer I cannot do a thing about it. Other than refuse to play ball with them. Numerous notes from GB "Now, Michael, we have told you to activate your online account and you have failed to do so". My response? Get lost. If someone has set up an account in your name using a computer and email address which are not yours then that is fraud. If the email address is yours, you should be able to re-set the user name and the password.
|
|
|
Post by Roadsterstu on Oct 10, 2018 22:49:14 GMT
Indeed. Why has someone else set up the account in the first place?
|
|
|
Post by Tim on Oct 11, 2018 8:45:00 GMT
GDPR has the potential to be a massive pain in the ass, especially for financial services companies who, in my current experience, have paperwork for clients going back several centuries. I think it'll gradually sort itself out as cases are brought by the ICO and big companies are undoubtedly going to get hit by some huge fines - and a follow up from customers looking for some form of financial compensation. One of the headaches we've had is knowing what client info to keep/delete and trying to get relevent people to take the time to go through historic files and thin them out as required. A lot of this can only realistically be achieved by fee earners - the filing/admin bod who would otherwise do it would need some comprehensive training to be able to go through every file and not throw away something potentially important (or expensive!) - and understandably the thought of going through several hundred boxes of old files has filled them with horror and they are in danger of overusing the word 'no'. We can effectively threaten them to force them to do it but that's only going to cause some bad blood. And as the GDPR rep for the firm they're going to learn to dislike me even more. Fuck 'em though
|
|
|
Post by LandieMark on Oct 11, 2018 13:56:55 GMT
I’ve had this to deal with for the car club. Despite that fact that several people people have advised that as people have joined the club, they should expect to be contacted by their regional organiser about what is going on so we are covered.
The club office asked us all to email everyone to confirm and give a deadline. It has shaved my mailing list by about 30 email addresses I didn’t hear from, but I’ve had requests to be added in as they didn’t want deleting but forgot to answer my original email. It’s a PITA.
|
|
|
Post by Bob Sacamano v2.0 on Oct 11, 2018 14:17:52 GMT
I've looked at it. And decided to ignore it completely.
|
|
|
Post by Roadsterstu on Oct 22, 2018 7:23:26 GMT
GDPR means that all the useful day to day info, photos of suspects and their connections, addresses, vehicles they use, current missing people, patrol areas, everything has had to be removed from oyr office walls at work. Not only do the walls no look very blank but there is no easy to see reference material and no faces to become familiar with by seeing their photos every day. Even cars of interest, their reg numbers have had to be taken off the wall. We used to have TV screens with rolling briefing info on - now they sit on wall switched off. Ridiculous.
|
|
|
Post by Bob Sacamano v2.0 on Oct 22, 2018 7:29:45 GMT
GDPR means that all the useful day to day info, photos of suspects and their connections, addresses, vehicles they use, current missing people, patrol areas, everything has had to be removed from oyr office walls at work. Not only do the walls no look very blank but there is no easy to see reference material and no faces to become familiar with by seeing their photos every day. Even cars of interest, their reg numbers have had to be taken off the wall. We used to have TV screens with rolling briefing info on - now they sit on wall switched off. Ridiculous. As usual with these things in this country you have a new ruling being applied without common sense.
|
|
|
Post by Roadsterstu on Oct 22, 2018 8:17:53 GMT
GDPR means that all the useful day to day info, photos of suspects and their connections, addresses, vehicles they use, current missing people, patrol areas, everything has had to be removed from oyr office walls at work. Not only do the walls no look very blank but there is no easy to see reference material and no faces to become familiar with by seeing their photos every day. Even cars of interest, their reg numbers have had to be taken off the wall. We used to have TV screens with rolling briefing info on - now they sit on wall switched off. Ridiculous. As usual with these things in this country you have a new ruling being applied without common sense. Plus I can't be trusted to report back that my small beat office in a community building is compliant by having nothing on the walls. Oh no. Two staff members have to drive a 30 mile round trip to check it. But I might have to meet them there, because I have the office key!
|
|
Deleted
Deleted Member
Posts: 0
|
Post by Deleted on Oct 22, 2018 8:19:55 GMT
The main problem with GDPR is that they've gone for a one size fits all approach, and schools have been affected in the same way.
|
|
|
Post by Bob Sacamano v2.0 on Oct 22, 2018 8:22:31 GMT
As usual with these things in this country you have a new ruling being applied without common sense. Plus I can't be trusted to report back that my small beat office in a community building is compliant by having nothing on the walls. Oh no. Two staff members have to drive a 30 mile round trip to check it. But I might have to meet them there, because I have the office key! Don't worry, I'm sure someone in the Home Office has paid millions to have an app developed that will take all the information you had on your walls and download it via electrodes from your phone to your brain as you sleep. To comply with GDPR you'll get your brain wiped every Friday.
|
|
|
Post by Big Blue on Oct 22, 2018 9:09:21 GMT
I love the fact that since these rules came into place I’ve had to have a new Credit Card due to a data breach and I now get emails from myself telling me everything I have has been hacked because they know a part of a password and part of a phone number from the list they clearly hacked.
|
|
|
Post by Alex on Oct 22, 2018 9:44:23 GMT
The main problem with GDPR is that they've gone for a one size fits all approach, and schools have been affected in the same way. I work with a number of them and especially in prep schools they have to have children’s pictures up in the servery to ensure that those with allergies don’t get fed the wrong food. A number have taken these down for fear of being in breach of GDPR. It really is a sledgehammer to crack a nut.
|
|
|
Post by Tim on Oct 22, 2018 10:03:56 GMT
The main problem with GDPR is that they've gone for a one size fits all approach, and schools have been affected in the same way. I work with a number of them and especially in prep schools they have to have children’s pictures up in the servery to ensure that those with allergies don’t get fed the wrong food. A number have taken these down for fear of being in breach of GDPR. It really is a sledgehammer to crack a nut.
They don't have to take the photos down, they 'simply' have to get written consent from the parents to have the photos up for that purpose.
Easy!!
|
|
|
Post by Bob Sacamano v2.0 on Oct 22, 2018 10:10:19 GMT
The main problem with GDPR is that they've gone for a one size fits all approach, and schools have been affected in the same way. I work with a number of them and especially in prep schools they have to have children’s pictures up in the servery to ensure that those with allergies don’t get fed the wrong food. A number have taken these down for fear of being in breach of GDPR. It really is a sledgehammer to crack a nut. It's the end for BBC's Crimewatch: "Have you seen this man?" - well, obviously we can't show you his photofit - just a blank screen - but have you seen him* anywhere? * or any persons or gender identifying themselves of the male* gender. * when we use the term "male" we do not use this as a pejorative term to associate all those who commit offences as being from the male gender*. * we use the term "gender" we use this as an inclusive term, not an exclusive one*. * in this case we use the term "one" to signify the lowest cardinal* number, not meaning the individual identifier. * this is in no way related to the Catholic Church and their propensity to fiddle with kiddies.
|
|
|
Post by Boxer6 on Oct 22, 2018 10:20:50 GMT
I’ve had this to deal with for the car club. Despite that fact that several people people have advised that as people have joined the club, they should expect to be contacted by their regional organiser about what is going on so we are covered. The club office asked us all to email everyone to confirm and give a deadline. It has shaved my mailing list by about 30 email addresses I didn’t hear from, but I’ve had requests to be added in as they didn’t want deleting but forgot to answer my original email. It’s a PITA.
My model flying club's AGM is this Thursday, and we will be pointing out to the membership that what we do with the (very limited) information we (well, I) hold on them is clearly outlined on the application form they all have to complete and sign EVERY year, plus this is also contained within the constitution of the club (which they have all been provided copies of).
Our constitution expressly forbids email contact with committee members, mostly due to a SNAFU with the then-committee a few years ago, which resulted in threats of law suits and the like being bandied about.
|
|
|
Post by Roadsterstu on Oct 22, 2018 11:52:25 GMT
I work with a number of them and especially in prep schools they have to have children’s pictures up in the servery to ensure that those with allergies don’t get fed the wrong food. A number have taken these down for fear of being in breach of GDPR. It really is a sledgehammer to crack a nut.
They don't have to take the photos down, they 'simply' have to get written consent from the parents to have the photos up for that purpose.
Easy!!
I think that rather like the DPA, GDPR will be frequently used in error as a way of not providing information.
|
|
|
Post by bryan on Oct 22, 2018 12:31:10 GMT
There are 6 basis of processing data under gdpr, consent is only one....
I'm amazed the police couldn't use public interest or official capacity or compliance with a legal obligation let alone a legitimate interest.
Vital interest less so unless civil unrest I guess and contractual unlikely to apply
|
|
Deleted
Deleted Member
Posts: 0
|
Post by Deleted on Oct 22, 2018 12:42:07 GMT
John Lewis insurance, who I've had a massive barney with in the past for not leaving me be, have just sent me a letter today. I crossed out my address, wrote RTS on the front and "you've been asked numerous times not to contact me again, please do as you're asked" on the back under the return address.
|
|
|
Post by Bob Sacamano v2.0 on Oct 22, 2018 13:10:57 GMT
They don't have to take the photos down, they 'simply' have to get written consent from the parents to have the photos up for that purpose.
Easy!!
I think that rather like the DPA, GDPR will be frequently used in error as a way of not providing information. The problem is you have legislation written in a highly confusing way that is difficult for the layman to grasp. Then organisations will nominate some poor sod to go on a one day course to learn all about GDPR, after which they'll be so confused that, for safety's sake they'll declare that everything falls foul of GDPR just to cover themselves. The press will then delight in further confusing the issue by seizing on any illogical GDPR story and splashing it across the front page.
|
|
Deleted
Deleted Member
Posts: 0
|
Post by Deleted on Oct 24, 2018 14:14:33 GMT
John Lewis insurance, who I've had a massive barney with in the past for not leaving me be, have just sent me a letter today. I crossed out my address, wrote RTS on the front and "you've been asked numerous times not to contact me again, please do as you're asked" on the back under the return address. If you make a request and have proof of it, contact the information commissioner. ico.org.uk/ Apparently a £10k fine every time they bother you.
|
|
|
Post by Bob Sacamano v2.0 on Oct 24, 2018 15:39:45 GMT
My mother still gets letter addressed to my dad - 26 years after he died.
|
|
Deleted
Deleted Member
Posts: 0
|
Post by Deleted on Oct 25, 2018 7:48:13 GMT
So, Carphone Warehouse have ignored my second letter, sent by recorded delivery, and are saying that they have removed my 'request to forget.' Whilst GDPR's application has its faults, it is much needed legislation. Cuntphone shitehouse seem to feel that my data is theirs. Fuckers will rue the day.
Bear in mind if you are considering crossing their threshold any time soon...
|
|
|
Post by Bob Sacamano v2.0 on Oct 25, 2018 8:02:03 GMT
Actually I've only ever had really good experiences at CPW, most recently when the manager at Kingston Park did a really good deal on a new Samsung for Mrs Sacamano and she sold him a hospitality package at the rugby for a managers' meeting.
|
|
Deleted
Deleted Member
Posts: 0
|
Post by Deleted on Oct 25, 2018 8:50:29 GMT
Every interaction we've had with them has been (at best) disappointing - without exception.
|
|
Deleted
Deleted Member
Posts: 0
|
Post by Deleted on Oct 25, 2018 9:38:32 GMT
So, Carphone Warehouse have ignored my second letter, sent by recorded delivery, and are saying that they have removed my 'request to forget.' Whilst GDPR's application has its faults, it is much needed legislation. Cuntphone shitehouse seem to feel that my data is theirs. Fuckers will rue the day. Bear in mind if you are considering crossing their threshold any time soon... dunstoc@cpwplc.com
|
|
Deleted
Deleted Member
Posts: 0
|
Post by Deleted on Oct 25, 2018 9:53:40 GMT
It'll be in the Information Commissioner's hands as of tomorrow.
|
|
Deleted
Deleted Member
Posts: 0
|
Post by Deleted on Oct 25, 2018 9:59:34 GMT
~Ignore that email address. charles@cdpo.co.uk
|
|