
Strange GDPR Request


    Just got an email to the generic MyCo email address which is listed on the website.


    My reference: <redacted>
    Date: 2020-06-25

    To Whom It May Concern:

    I am hereby requesting access according to Article 15 GDPR. Please confirm whether or not you are processing personal data (as defined by Article 4(1) and (2) GDPR) concerning me.

    In case you are, I am hereby requesting access to the following information pursuant to Article 15 GDPR:
    1. all personal data concerning me that you have stored, including any potential pseudonymised data on me as per Article 4(5) GDPR;
    2. the purposes of the processing;
    3. the categories of personal data concerned;
    4. the recipients or categories of recipient to whom the personal data have been or will be disclosed;
    5. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
    6. where the personal data are not collected from the data subject, any available information as to their source;
    7. the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for me.

    In case you are processing anonymised data concerning me, please not only inform me about that but also explain the procedure used in an easily understandable way.

    If you are transferring my personal data to a third country or an international organisation, I request to be informed about the appropriate safeguards according to Article 46 GDPR concerning the transfer.

    Please make the personal data concerning me, which I have provided to you, available to me in a structured, commonly used and machine-readable format as laid down in Article 20(1) GDPR.

    My request explicitly includes any other services and companies for which you are the controller as defined by Article 4(7) GDPR.

    As laid down in Article 12(3) GDPR, you have to provide the requested information to me without undue delay and in any event within one month of receipt of the request. According to Article 15(3) GDPR, you have to answer this request without cost to me.

    I am including the following information necessary to identify me:
    Name: <redacted>
    Email address: <redacted>
    Thanks: for your support!

    If you do not answer my request within the stated period, I am reserving the right to take legal action against you and to lodge a complaint with the responsible supervisory authority.

    Thank you in advance.

    Yours sincerely

    I've never engaged with this person as a client or anything similar, I have done a bit of a search through old emails and nothing comes up.

    Maybe it's the skeptic in me but how do I prove a negative?

    It looks like it's been lifted from this site

    Sample letter for requests for access to personal data as per Art. 15 GDPR datarequests.org
    Originally posted by Stevie Wonder Boy
    I can't see any way to do it can you please advise?

    I want my account deleted and all of my information removed, I want to invoke my right to be forgotten.

    #2
    Originally posted by SimonMac
    Just got an email to the generic MyCo email address which is listed on the website.

    I've never engaged with this person as a client or anything similar, I have done a bit of a search through old emails and nothing comes up.

    Maybe it's the skeptic in me but how do I prove a negative?

    It looks like it's been lifted from this site

    Sample letter for requests for access to personal data as per Art. 15 GDPR datarequests.org
    Surely you reply with we have no record of you in our systems.
    merely at clientco for the entertainment



      #3
      DaveB is the expert in these matters, but basically if you haven't dealt with this person and have nothing in your system for them that's what you can tell them.
      "I can put any old tat in my sig, put quotes around it and attribute to someone of whom I've heard, to make it sound true."
      - Voltaire/Benjamin Franklin/Anne Frank...



        #4
        Originally posted by SimonMac
        Just got an email to the generic MyCo email address which is listed on the website.

        I've never engaged with this person as a client or anything similar, I have done a bit of a search through old emails and nothing comes up.

        Maybe it's the skeptic in me but how do I prove a negative?

        It looks like it's been lifted from this site

        Sample letter for requests for access to personal data as per Art. 15 GDPR datarequests.org
        Fishing mail looking to try and get a case to claim compensation.

        You are obliged to confirm their identity before you provide information, so I would reply asking for date of birth, postal address and supporting documents such as copy of a driver's licence, passport and utility bill.

        You could give a quick response that says something like

        "Based on the information provided we do not believe we have ever processed information relating to you. If you wish us to conduct a more thorough search please provide the following information:

        Proof of:
        Full Name
        Date of Birth
        Postal Address

        This may be in the form of a copy of your driver's licence, passport, household utility bills etc.

        We may only disclose personal data, if held, once we have confirmed the identity of the requestor."
        "Being nice costs nothing and sometimes gets you extra bacon" - Pondlife.



          #5
          Is it a great way of spammers verifying email addresses?

          If it were me, I'd pretend I never received it.



            #6
            Where is the sender's email from if you look through the raw email guff?

            Probably sent via some scammy domain in mother Russia



              #7
              Email them back confirming you have no record of them.

              Follow up with a GDPR request.



                #8
                Gotta love the EU, GDPR red tape, website cookie red tape.

                No wonder the EU are going down the pan.



                  #9
                  Originally posted by DaveB
                  Fishing mail looking to try and get a case to claim compensation.

                  You are obliged to confirm their identity before you provide information, so I would reply asking for date of birth, postal address and supporting documents such as copy of a driver's licence, passport and utility bill.

                  You could give a quick response that says something like

                  "Based on the information provided we do not believe we have ever processed information relating to you. If you wish us to conduct a more thorough search please provide the following information:

                  Proof of:
                  Full Name
                  Date of Birth
                  Postal Address

                  This may be in the form of a copy of your driver's licence, passport, household utility bills etc.

                  We may only disclose personal data, if held, once we have confirmed the identity of the requestor."
                  Cheers, quoted recital 64 in terms of the ID, hopefully you're right and it's a fishing activity.
                  Originally posted by Stevie Wonder Boy
                  I can't see any way to do it can you please advise?

                  I want my account deleted and all of my information removed, I want to invoke my right to be forgotten.



                    #10
                    Originally posted by DaveB
                    Fishing mail looking to try and get a case to claim compensation.

                    You are obliged to confirm their identity before you provide information, so I would reply asking for date of birth, postal address and supporting documents such as copy of a driver's licence, passport and utility bill.

                    You could give a quick response that says something like

                    "Based on the information provided we do not believe we have ever processed information relating to you. If you wish us to conduct a more thorough search please provide the following information:

                    Proof of:
                    Full Name
                    Date of Birth
                    Postal Address

                    This may be in the form of a copy of your driver's licence, passport, household utility bills etc.

                    We may only disclose personal data, if held, once we have confirmed the identity of the requestor."
                    I guess you also need to remember in the subsequent response (if there is one) to mention the GDPR request with the appropriate data sent and confirmation that you've deleted it from all systems. I mention that as it's the obvious thing most people would miss out.
                    Last edited by eek; 25 June 2020, 14:54.
                    merely at clientco for the entertainment
