Tweet
Tl;dr Can I use N1 “small claims” form for non-compliance with the DSAR (I would like a small monetary penalty, but also to have them ordered to comply with DSAR).
I filed a data subject access request against a major UK ISP in May.
This was the first (and only) DSAR filed, so no question of abusing the process. I used their online DSAR form.
They have completely mucked be me around, I’ve follow-up many times. Mid-August they finally sent me an email claiming to have fulfilled my request and directing me to download a zip file, the password for which would be posted to me.
I’ve not received the anything in the post. I’ve followed-up with them via Twitter and email, they claim to be looking into it for a week now, but no explanation forthcoming. It’s been well over 90 days since I originally filed the request.
I’m pretty fed up with how much they’ve mucked me around, its fairly apparent they don’t really give a shit about the GDPR. I made a complaint ages ago ICO (when they first took more than 30 days to do anything), and it became clear why they don’t give a shit, the ICO hasn’t got back to me, and doesn’t levy any penalties anyway).
I (a) would like my data and (b) am pretty annoyed that the company basically considers compliance optional. The challenge is (and no doubt they’re aware of this), that any damages I could claim are quite likely to be small, so hard to involve a solicitor. I’m wondering if I can send them a letter before action and then bring a claim in “small claims court” asking for a small amount of damages + court order to comply but its not very clear if the N1 form can be used for anything other than monetary damages.
I had no idea the GDPR rights were effectively such a joke.
One extra wrinkle is that I asked for my phone recordings, which they state on their website are deleted after 180 days, so by the time this actually gets to court its quite likely deleted anyway. I’m hoping that a court proceedings might force them to comply and settle. I don’t think the zip contains any phone recordings anyway, since the file size is tiny, but that’s a separate issue.
I filed a data subject access request against a major UK ISP in May.
This was the first (and only) DSAR filed, so no question of abusing the process. I used their online DSAR form.
They have completely mucked be me around, I’ve follow-up many times. Mid-August they finally sent me an email claiming to have fulfilled my request and directing me to download a zip file, the password for which would be posted to me.
I’ve not received the anything in the post. I’ve followed-up with them via Twitter and email, they claim to be looking into it for a week now, but no explanation forthcoming. It’s been well over 90 days since I originally filed the request.
I’m pretty fed up with how much they’ve mucked me around, its fairly apparent they don’t really give a shit about the GDPR. I made a complaint ages ago ICO (when they first took more than 30 days to do anything), and it became clear why they don’t give a shit, the ICO hasn’t got back to me, and doesn’t levy any penalties anyway).
I (a) would like my data and (b) am pretty annoyed that the company basically considers compliance optional. The challenge is (and no doubt they’re aware of this), that any damages I could claim are quite likely to be small, so hard to involve a solicitor. I’m wondering if I can send them a letter before action and then bring a claim in “small claims court” asking for a small amount of damages + court order to comply but its not very clear if the N1 form can be used for anything other than monetary damages.
I had no idea the GDPR rights were effectively such a joke.
One extra wrinkle is that I asked for my phone recordings, which they state on their website are deleted after 180 days, so by the time this actually gets to court its quite likely deleted anyway. I’m hoping that a court proceedings might force them to comply and settle. I don’t think the zip contains any phone recordings anyway, since the file size is tiny, but that’s a separate issue.
Comment