• Welcome to the LegalBeagles Consumer and Legal Forum.
    Please Register to get the most out of the forum. Registration is free and only needs a username and email address.
    REGISTER
    Please do not post your full name, reference numbers or any identifiable details on the forum.

is this a breach of GDPR by DCA

Collapse
Loading...
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • is this a breach of GDPR by DCA

    My account was ‘assigned’ by the OC to a DCA a few years ago. It was then ‘reassigned’ (allegedly) by the OC to a new DCA which operated from the same address as the old one. For now the DCA in question will remain nameless. I haven’t paid them anything as I had previously queried the authenticity of the notice of assignment as I believed it was not genuine and the person who had allegedly signed the notices did not infact work for the OC at the time at the time the second one was allegedly signed by them. I suspected that it was created by the DCA and asked for the name of the staff member who had created the notice on their systems and they responded by saying that they ask external third parties to print customer correspondence.
    About a year ago I sent a DSAR to them.
    They sent a very large bundle of my personal data in an ordinary paper envelope by royal mail. no responsible, sane, level headed person would have done that. Needless to say the envelope split open whilst in transit as the envelope was too flimsy and could not support the weight of the documents. Royal mail had to repack the envelope in a clear ‘plastic’ sleeve and posted it to me. When I inspected the documents it was obvious that they were not in order leading me to believe that someone in the royal mail had had unauthorised access to my data. I complained to the DCA and sent them photos of the split envelope and advised them that as a breach of the GDPR had occurred they are to report it within three days to the ICO and the OC they are also to advise the ICO that they use third parties to print customer correspondence.
    They finally sent me a final response in which they state that they are not at fault, no breach of the GDPR has occurred and that it is royal mail's fault because the plastic sleeve had the following words printed on it ‘our sincere apologies we are very sorry that this item has reached you in this condition’.
    The letter also mentions that they are entitled to use external parties to print letters to customers!!
    Do you guys believe I have a valid case to report to the ICO and also claim compensation based on the following:
    1. Deed of novation was not sent to me, neither was I asked whether the account could be assigned to the new DCA. I was sent a notice of assignment allegedly from the OC, which I know is not genuine.
    2. The new DCA has been processing my data without my consent and as the data controller they are responsible for ensuring that my data is always secure and ensure that unauthorised persons do not gain access to it, this has happened with the envelope coming apart.
    3. They confirmed that they use external third parties to print customer correspondence. They haven’t provided any details of who these third parties are and whether or not they are registered with the ICO.
    Thanks for your help.
    Tags: None

  • #2
    Hello

    Simple answer is no, you don't have a claim.

    You're claiming that someone in Royal Mail had access to your personal data, but what do you expect if the envelope had split and the documents had fallen out, are they just going to stand around and not leave them on the floor or wherever they were?

    Not trying to be patronising but do you honestly think that all companies send letters to their customers in-house? The GDPR does not prohibit data controllers from using third parties but you are entitled to know which third parties the DCA uses and for what purpose. Also, data processors are not required to be registered with the ICO because it only applies to data controllers. Nevertheless, there is no longer a requirement to register and instead there is a fee to pay depending on the size of the organisation.

    I think a bit of common sense needs to be applied and maybe you should read up on the ICO's website because I think you misunderstand the concept of the GDPR.
    If you have a question about the voluntary termination process, please read this guide first, as it should have all the answers you need. Please do not hijack another person's thread as I will not respond to you
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    LEGAL DISCLAIMER
    Please be aware that this is a public forum and is therefore accessible to anyone. The content I post on this forum is not intended to be legal advice nor does it establish any client-lawyer type relationship between you and me. Therefore any use of my content is at your own risk and I cannot be held responsible in any way. It is always recommended that you seek independent legal advice.

    Comment


    • #3
      Hello Rob
      Thanks for your reply.
      I've had personal data sent to me by from other companies I've dealt with. All of them have sent the documents in secure plastic envelopes. one even sent the data on an encrypted CD with a password separately. The DCA in question sent the documents in a flimsy envelope which wasn't strong enough to hold the documents and as previously mentioned it came apart. Since posting on the forum, I've spoken confidentially to the ICO who have advised me that it is a breach. I'll give the DCA in question one more opportunity to accept they were in the wrong before filing a complaint with the ICO.

      Comment


      • #4
        There are various methods in which the data can be sent to you but data controllers are not legally obliged to send your data in a particular format though the GDPR does say that if you request the data in an electronic format then it should be sent in that form as requested. Virgin Media for example, have sent me bulk documents by post in a normal A4 windowed envelope following a subject access request as that is (apparently) their policy.

        You've not mentioned whether the documents were sent by special delivery or some other signed for method but if it wasn't then that could be a breach of data protection. Whether the envelope is flimsy or not is a question of fact and only a court can decide if that was the case irrespective of what the ICO says. Can you be confident that the quality of the envelope was solely to blame and there were no other outside factors that could have contributed such as lack of care from Royal Mail staff?

        By all means make a complaint to the ICO, they can sanction the DCA but if you want any compensation, you'll have to negotiate that yourself or take the matter to court - the ICO can't order a controller to pay compensation but they can recommend. Just because the ICO might say there has been a breach, does not mean that compensation will be automatic as they courts might not agree, though any decision by the ICO in your favour would support your claim, it can also be rebutted by the DCA.

        Any claim however, will probably fall under non-material damage which includes distress and probably inconvenience and anxiety, but you'll need to demonstrate that in some way if you want compensation. Don't expect a substantial amount as the courts have already recognised for the majority of claims, modest compensation should be sufficient.

        Just to be clear, this is my view of things based on the information presented and it could very well be the case that someone else or a judge might come to a different conclusion based on the same information or other information that you've not yet disclosed to us.
        If you have a question about the voluntary termination process, please read this guide first, as it should have all the answers you need. Please do not hijack another person's thread as I will not respond to you
        - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        LEGAL DISCLAIMER
        Please be aware that this is a public forum and is therefore accessible to anyone. The content I post on this forum is not intended to be legal advice nor does it establish any client-lawyer type relationship between you and me. Therefore any use of my content is at your own risk and I cannot be held responsible in any way. It is always recommended that you seek independent legal advice.

        Comment

        View our Terms and Conditions

        LegalBeagles Group uses cookies to enhance your browsing experience and to create a secure and effective website. By using this website, you are consenting to such use.To find out more and learn how to manage cookies please read our Cookie and Privacy Policy.

        If you would like to opt in, or out, of receiving news and marketing from LegalBeagles Group Ltd you can amend your settings at any time here.


        If you would like to cancel your registration please Contact Us. We will delete your user details on request, however, any previously posted user content will remain on the site with your username removed and 'Guest' inserted.
        Working...
        X