GENERAL DATA PROTECTION REGULATION (“GDPR”) 2018 BREACHES – 26/03/2019
A case came to my attention at the time of writing this via a complaints forum on Facebook which is worth covering in a blog simply due to the clear breaches and lack of regard to the Data Protection laws.
The data that these firms are using belongs to you under the General Data Protection Regulation Act 2018. You will have probably heard of the GDPR Act, although most people don’t fully understand the implications and impact it has on everyone’s lives.
By way of a brief background, the Data Protection Act 1998 (2002 in the Isle of Man) was recently updated and replaced with a harmonised version in May 2018, although the principles remain the same with a new accountability requirement.
The reason for this is because of technological and digital advances that were not relevant or covered in the old legislation, and to harmonise and empower EU citizens with more powers over the use of their personal data. This legislation will remain in place after the UK has left the EU, so it’s here to stay.
The most significant addition is the accountability principle. The GDPR requires organisations to evidence how they have complied with the principles – for example by documenting the decisions taken about a processing activity.
The penalties for non-compliance can range up to €20m or 4% of annual global turnover, whichever is higher, and the Information Commissioner’s Office (“ICO”) take a variety of factors in to account including the gravity of the offence, damage to the individual, if the infringement has been disclosed to the ICO and other aspects.
It is worth knowing that it is mandatory for any organisation to report any infringements of the GDPR Act 2018 to the ICO, and non-compliance and not reporting the infringement will be taken more seriously with the penalties incurred to reflect that.
In this scenario, the data held by the car dealership contained claims such as,
- “The seat is now loose due to driver size and weight, it’s partially collapsed and has come loose at the base where the bolts attach. This isn’t covered by the mechanical warranty” and “I believe the customer is a serial complainer / scammer.”
The first lesson anyone ought to take on board when they are dealing with customer data (which belongs to the customer) under Article 5 is that it should be factual and relevant, knowing that the customer can access it at any time by submitting a Data Subject Access Request.
In this case, the customer has only received a couple of screenshots and this will just be the tip of the iceberg.
My advice on the back of this is to reiterate that (you) want literally everything you are entitled to see in a clear and easy to read printed format from the date of receipt of the Data Subject Access Request (which should always be sent by recorded delivery for this very reason).
On receipt of everything, I would then scrutinise what I have received and if I suspected that any data was being withheld, I would then insist that an independent audit is made with all PCs drilled for any deleted e-mails so I can fully ascertain the position before proceeding with further action.
Further action in this instance includes defamatory and false statements being made that can be supported by independent reports stating that the car seat clearly had inherent faults that were not disclosed at the point of sale. This would be a misrepresentation that falls under the Misrepresentation Act 1967.
I would also be liaising with the Independent Commissioner’s Office (“ICO”) and the Citizens Advice Bureau to hold them to account.
I cover various aspects and real-life scenarios involving the Consumer Rights Act 2015, Consumer Credit Act 1974, Misrepresentation Act 1967, General Data Protection Regulation Act 2018 and other legislation including the Road Traffic Act complete with templates based on real-life test cases that work in my book now on sale via Amazon as an e-book and paperback priced £2.99 / £7.99.
BBC Radio Scotland have read it and interviewed me as a consumer expert for a five-part consumer programme they are making. Read a free sample via my website and let me know what you think?
DOWNLOAD to your Kindle or get the free Kindle app from Amazon and read the book on your IPad / tablet / smartphone / laptop.
Like and follow me on Facebook – The Complaints Resolver.
If you have enjoyed reading this, feel free to take a look at my other website http://www.awriterinedinburgh.com which showcases my writing and how you can work with me.