Strange GDPR Request - Contractor UK Bulletin Board

Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

You are not logged in or you do not have permission to access this page. This could be due to one of several reasons:

You are not logged in. If you are already registered, fill in the form below to log in, or follow the "Sign Up" link to register a new account.
You may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.

AtW replied

25 June 2020, 17:43
Counter it with GDPR demand for source they used to get your contact info
Leave a comment:
AtW replied

25 June 2020, 17:42
Originally posted by NotAllThere View Post

There's a github for the text. data/access-tracking.txt at master . datenanfragen/data . GitHub

Probably some idiot has done a GDPR infringing mail spam.

FTFY
Leave a comment:
bobw replied

25 June 2020, 16:45
I've received the exact same message today, I know it's a template but the wording is identical, even some phrases which I haven't found in any of the templates, like "Thanks: for your support!". Seems spammy to me, it's from a gmail address. I was planning to ignore it but I'm not sure.

I've found this thread from googling some of the message content.
Leave a comment:
NotAllThere replied

25 June 2020, 16:22
There's a github for the text. data/access-tracking.txt at master . datenanfragen/data . GitHub

Probably some idiot has done a mail merge.
Leave a comment:
vetran replied

25 June 2020, 15:49
Originally posted by NickFitz View Post

That's what I thought: send GDPR request including PII, get told "We have nothing about you", then report them because they have the PII you provided in the original GDPR request but said they didn't have any

You can retain information for the purposes of providing information.

So you can record John Doe made a request.

One assumes you can then say your policy is to delete request verification information if no confidential information is found to avoid storing confidential information. Pop that in your reply.
Leave a comment:
Old Greg replied

25 June 2020, 15:31
Originally posted by NickFitz View Post

That's what I thought: send GDPR request including PII, get told "We have nothing about you", then report them because they have the PII you provided in the original GDPR request but said they didn't have any

Gödel would say that the company would be compliant in this scenario, because you hadn't sent a meta-GDPR request.
Leave a comment:
NickFitz replied

25 June 2020, 15:27
Originally posted by eek View Post

I guess you also need to remember in the subsequent response (if there is one) to mention the GDPR request with the appropriate data sent and confirmation that you've deleted it from all systems. I mention that as it's the obvious thing you most people would miss out.

That's what I thought: send GDPR request including PII, get told "We have nothing about you", then report them because they have the PII you provided in the original GDPR request but said they didn't have any
Leave a comment:
Old Greg replied

25 June 2020, 15:11
Originally posted by AtW View Post

6 months to go before this EU sheet will hopefully be repealed

GDPR that, suckers.
Leave a comment:
AtW replied

25 June 2020, 14:53
6 months to go before this EU sheet will hopefully be repealed
Leave a comment:
eek replied

25 June 2020, 14:50
Originally posted by DaveB View Post

Fishing mail looking to try and get a case to claim compensation.

You are obliged to confirm their identity before you provide information, so I would reply asking for date of birth, postal address and supporting documents such as copy of a drivers licence, passport and utility bill.

You could give a quick response that says something like

"Based on the information provided we do not believe we have ever processed information relating to you. If you wish us to conduct a more through search please provide the following information:

Proof of:
Full Name
Date of Birth
Postal Address

This may be in the form of a copy of your drivers licence, passport, household utility bills etc.

We may only disclose personal data, if held, once we have confirmed the identity of the requestor."

I guess you also need to remember in the subsequent response (if there is one) to mention the GDPR request with the appropriate data sent and confirmation that you've deleted it from all systems. I mention that as it's the obvious thing you most people would miss out.

Last edited by eek; 25 June 2020, 14:54.
Leave a comment:
SimonMac replied

25 June 2020, 14:41
Originally posted by DaveB View Post

Fishing mail looking to try and get a case to claim compensation.

You are obliged to confirm their identity before you provide information, so I would reply asking for date of birth, postal address and supporting documents such as copy of a drivers licence, passport and utility bill.

You could give a quick response that says something like

"Based on the information provided we do not believe we have ever processed information relating to you. If you wish us to conduct a more through search please provide the following information:

Proof of:
Full Name
Date of Birth
Postal Address

This may be in the form of a copy of your drivers licence, passport, household utility bills etc.

We may only disclose personal data, if held, once we have confirmed the identity of the requestor."

Cheers, quoted recital 64 in terms of the ID, hopefully you're right and its a fishing activity.
Leave a comment:
DimPrawn replied

25 June 2020, 14:30
Gotta love the EU, GDPR red tape, website cookie red tape.

No wonder the EU are going down the pan.
Leave a comment:
Old Greg replied

25 June 2020, 14:20
Email them back confirming you have no record of them.

Follow up with a GDPR request.
Leave a comment:
DimPrawn replied

25 June 2020, 14:12
Where is the senders email from if you look through the raw email guff?

Probably sent via some scammy domain in mother Russia
Leave a comment:
DimPrawn replied

25 June 2020, 14:09
Is it a great way of spammers verifying email addresses?

If it were me, I'd pretend I never received it.
Leave a comment: