Jump to content

GDPR / DPA2018 and Your Data Rights


Recommended Posts

Posted

Posts moved from a different topic

Subject deserves a topic of it's own

 

On 27/09/2023 at 17:41, VILLAMARV said:

It's worth everyone remembering that private businesses don't have a legal obligation to serve anybody. Businesses have the right to refuse service. You can be asked to leave, refused service and you don't have any right to be told why.

You can now ask in writing, legally they cannot hold information on you. Got tthis from betting sites, they ban you, you can then apply for every bit of info they have on you, it includes what you were actually banned for.

Posted
16 minutes ago, foreveryoung said:

You can now ask in writing, legally they cannot hold information on you. Got tthis from betting sites, they ban you, you can then apply for every bit of info they have on you, it includes what you were actually banned for.

That bit isn’t true at all. They must have obtained the data they hold for a legitimate purpose and keep it on file for a proportionate time in relation to the reason they hold it. You have a right to correct any false information and in certain circumstances have a right to be forgotten i.e. they no longer hold the data. But in your example of being banned as a customer, they can keep that on file for as long as it’s necessary to not want you as a customer and it would also be legitimate for them to decline the right to be forgotten.

You can also add that to the list of things the EU did for you

Edit: Also you don’t have to ask in writing, they must recognise any request including verbally

  • Like 2
Posted
1 minute ago, bickster said:

That bit isn’t true at all. They must have obtained the data they hold for a legitimate purpose and keep it on file for a proportionate time in relation to the reason they hold it. You have a right to correct any false information and in certain circumstances have a right to be forgotten i.e. they no longer hold the data. But in your example of being banned as a customer, they can keep that on file for as long as it’s necessary to not want you as a customer and it would also be legitimate for them to decline the right to be forgotten.

You can also add that to the list of things the EU did for you

What i ment was, they cannot legally withhold that information. You can legally have a copy of the information anytime.

Posted
2 minutes ago, foreveryoung said:

What i ment was, they cannot legally withhold that information. You can legally have a copy of the information anytime.

I can’t help it if you mean one thing and type something completely different

Also that isn’t particularly true. You can have that information once and wait up to a month to get it. Ask a second time for the same or a similar thing and you run the risk of the company dealing with the request considering it to be manifestly excessive and  could deny you on that basis.

  • Like 3
Posted

AFAIK (VT Law dept correct me if I'm wrong of course) but what you're talking about FY is information kept on file about you under The Data Protection Act. There are still plenty of interactions where there is no information exchange between businesses and customers.

I was referring to the Common Law Right to Refuse Service. The Equalities Act lists the protected areas - gender, sex, sexual preference, age, disability, race, religeon, pregnancy or maternity. It would be unlawful to refuse service because of any of those reasons. You also can't discriminate so evenly applying whatever rules you see fit. It would probably be precient to display said rules somewhere, install cameras to back up your version of events if challenged legally, perhaps even log or record reasons for refusing service as they occur but AFAIK there's no obligation in Law to do so. The management reserves the right.....

05269.jpg

  • Like 1
Posted
On 27/09/2023 at 19:46, foreveryoung said:

What i ment was, they cannot legally withhold that information. You can legally have a copy of the information anytime.

DSAR 

  • Like 1
Posted
On 27/09/2023 at 19:52, bickster said:

I can’t help it if you mean one thing and type something completely different

Also that isn’t particularly true. You can have that information once and wait up to a month to get it. Ask a second time for the same or a similar thing and you run the risk of the company dealing with the request considering it to be manifestly excessive and  could deny you on that basis.

They could be in reality if you threaten to report them to ICO they will comply 

Posted (edited)
2 minutes ago, bickster said:

SAR actually

No it is a data subject access request DSAR

 

Edited by Follyfoot
Posted
1 minute ago, Follyfoot said:

They could be in reality if you threaten to report them to ICO they will comply 

They can report whatever they like, "manifestly excessive" is a specific term enshrined in the GDPR / DPA2018. It is specifically designed to stop repeat and nuisance requests

Posted (edited)
2 minutes ago, bickster said:

They can report whatever they like, "manifestly excessive" is a specific term enshrined in the GDPR / DPA2018. It is specifically designed to stop repeat and nuisance requests

In reality they will send it, I own a fully regulated claims firm

 

Edited by Follyfoot
Posted
1 minute ago, Follyfoot said:

No it is a data subject access request DSAR

 

OK you win, I only do it for a living but...

Quote

How do we recognise a subject access request (SAR)?

ICO

Posted (edited)
26 minutes ago, bickster said:

OK you win, I only do it for a living but...

ICO

As do I 

I am approved by the FCA under the approved persons regime (SMF29) and my firm makes regular DSAR requests, splitting hairs as the same thing anyway

 https://dataprivacymanager.net/what-is-data-subject-access-request-dsar/

A subject access request (SAR, also called a data subject access request (DSAR), is any request by a data subject for access to their personal data. Those with parental responsibility for students aged 18 and under can also request a copy of their child's pupil record.
 
 
Edited by Follyfoot
  • Haha 1
Posted
23 minutes ago, Follyfoot said:

Those with parental responsibility for students aged 18 and under can also request a copy of their child's pupil record.

That's bollocks too

Quote

Children who are of sufficient age, maturity and ability to make a request are treated in the same way as adults. For these children, the child alone has the right to ask for and see their personal data. As a general rule, we think that children aged 13 and above are capable of making a subject access request on their own behalf, but whether this is possible will depend upon the ability and maturity of the child in question. A child who is capable of making a subject access request can also ask someone to act on his or her behalf in the same way that that an adult can.

Office of the Schools Adjudicator

Posted
3 minutes ago, Follyfoot said:

Did not mean to include that in the copy and paste 🤣

What else is 'bollocks' by the way

 

gdpr.co.uk for starters

Posted

Here’s the form for students to use

https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/921235/SLC_DSAR_Subject_Access_Request_Form.pdf
 

Quote

Data Subject Access Request Form
This form allows you, or an authorised person, to request information that we hold about you.
This is called making a Data Subject Access Request (DSAR) and is covered under UK data protection
legislation...

There, that should solve the row. Oh! 😜

Anyway, I don’t know which form Farage used, but whatever he used, I’d pick the other one.

Posted

I have done it a few times with betting companies,. if they play silly buggers, I just brief them about my rights, ICO and IBAS noted, they always send my request.

Posted

Saw GDPR title thread and knew Bicks would be all over it like a hungry dog eating sausages.

Wasn't disappointed. 

  • Haha 1
×
×
  • Create New...

exclamation-mark-man-user-icon-with-png-and-vector-format-227727.png

Ad Blocker Detected

This site is paid for by ad revenue, please disable your ad blocking software for the site.

Â