Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

GDPR - sent statements etc of another person

  • 29-05-2019 2:54pm
    #1
    Registered Users, Registered Users 2 Posts: 105 ✭✭


    Hi a finance company I have a loan with
    Sent me my yearly statements

    They also sent me another person's statement
    With full name and address etc showing his loan and repayments

    Is this a breech of gdpr

    If so who should I contact about this or would they have a gdpr officer I would contact

    Thanks


Comments

  • Registered Users, Registered Users 2 Posts: 1,576 ✭✭✭Glass fused light


    kerb wrote: »
    Hi a finance company I have a loan with
    Sent me my yearly statements

    They also sent me another person's statement
    With full name and address etc showing his loan and repayments

    Is this a breech of gdpr
    Yes.
    kerb wrote: »
    If so who should I contact about this or would they have a gdpr officer I would contact

    Thanks
    You can contact the person who's data you received.

    You should call the loan company and ask to be put through to the Data Protection person/office. The loan company should arrange for the statement to be collected ASAP.
    By letter: If the loan company dont have a contact listed on their website, you can contact the loan company's Data Protection officer by just addressing the letter to the Data Protection Officer. Or you can check on the Data Protection website as the company should have registered a contact name

    To contact the Data Protection directly:
    Data Protection Commission Telephone
    +353 578 684 800. Or. +353 761 104 800
    09:15 - 17:30hrs (17.15 Friday)

    Postal Address
    Data Protection Commission
    21 Fitzwilliam Square South
    Dublin 2
    D02 RD28
    Ireland


  • Registered Users, Registered Users 2 Posts: 105 ✭✭kerb


    Thanks for info


  • Registered Users, Registered Users 2 Posts: 1,915 ✭✭✭micar


    kerb wrote: »
    Hi a finance company I have a loan with
    Sent me my yearly statements

    They also sent me another person's statement
    With full name and address etc showing his loan and repayments

    Is this a breech of gdpr

    If so who should I contact about this or would they have a gdpr officer I would contact

    Thanks



    That's a very very serious data protection breach.

    I would send the other clients documentation back to the company.

    They will have to inform the person anyway and the data protection commissioner.


  • Registered Users, Registered Users 2 Posts: 11,790 ✭✭✭✭BattleCorp


    micar wrote: »
    That's a very very serious data protection breach.

    I would send the other clients documentation back to the company.

    They will have to inform the person anyway and the data protection commissioner.

    They are legally obliged to inform the person but how likely is it that they will inform the person?


  • Registered Users, Registered Users 2 Posts: 10,900 ✭✭✭✭Riskymove


    BattleCorp wrote: »
    They are legally obliged to inform the person but how likely is it that they will inform the person?

    they only have to inform a data subject under certain conditions

    there is not a general obligation to inform people about every breach


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 3,795 ✭✭✭C3PO


    BattleCorp wrote:
    They are legally obliged to inform the person but how likely is it that they will inform the person?

    In my experience, most likely! These things happen every now and again no matter how hard you try to avoid them. It is much better for a company to fess up, contact the customer involved as well as the relevant regulatory authority and get it over with. Trying to cover an incident up is a much greater offence and would be viewed very seriously!


  • Registered Users, Registered Users 2 Posts: 3,795 ✭✭✭C3PO


    Riskymove wrote:
    they only have to inform a data subject under certain conditions

    there is not a general obligation to inform people about every breach

    No, but the circumstances outlined would be one!


Advertisement