GDPR - sent statements etc of another person

kerb · 29-05-2019 3:54pm #1

Hi a finance company I have a loan with
Sent me my yearly statements

They also sent me another person's statement
With full name and address etc showing his loan and repayments

Is this a breech of gdpr

If so who should I contact about this or would they have a gdpr officer I would contact

Thanks

Glass fused light · 29-05-2019 4:08pm

kerb wrote: »

Hi a finance company I have a loan with
Sent me my yearly statements

They also sent me another person's statement
With full name and address etc showing his loan and repayments

Is this a breech of gdpr

Yes.

kerb wrote: »

If so who should I contact about this or would they have a gdpr officer I would contact

Thanks

You can contact the person who's data you received.

You should call the loan company and ask to be put through to the Data Protection person/office. The loan company should arrange for the statement to be collected ASAP.
By letter: If the loan company dont have a contact listed on their website, you can contact the loan company's Data Protection officer by just addressing the letter to the Data Protection Officer. Or you can check on the Data Protection website as the company should have registered a contact name

To contact the Data Protection directly:
Data Protection Commission Telephone
+353 578 684 800. Or. +353 761 104 800
09:15 - 17:30hrs (17.15 Friday)

Postal Address
Data Protection Commission
21 Fitzwilliam Square South
Dublin 2
D02 RD28
Ireland

kerb · 29-05-2019 10:33pm

Thanks for info

micar · 29-05-2019 10:36pm

kerb wrote: »

Hi a finance company I have a loan with
Sent me my yearly statements

They also sent me another person's statement
With full name and address etc showing his loan and repayments

Is this a breech of gdpr

If so who should I contact about this or would they have a gdpr officer I would contact

Thanks

That's a very very serious data protection breach.

I would send the other clients documentation back to the company.

They will have to inform the person anyway and the data protection commissioner.

BattleCorp · 30-05-2019 12:25pm

micar wrote: »

That's a very very serious data protection breach.

I would send the other clients documentation back to the company.

They will have to inform the person anyway and the data protection commissioner.

They are legally obliged to inform the person but how likely is it that they will inform the person?

Riskymove · 30-05-2019 12:54pm

BattleCorp wrote: »

They are legally obliged to inform the person but how likely is it that they will inform the person?

they only have to inform a data subject under certain conditions

there is not a general obligation to inform people about every breach

C3PO · 31-05-2019 2:11pm

BattleCorp wrote:

They are legally obliged to inform the person but how likely is it that they will inform the person?

In my experience, most likely! These things happen every now and again no matter how hard you try to avoid them. It is much better for a company to fess up, contact the customer involved as well as the relevant regulatory authority and get it over with. Trying to cover an incident up is a much greater offence and would be viewed very seriously!

C3PO · 31-05-2019 2:11pm

Riskymove wrote:

they only have to inform a data subject under certain conditions

there is not a general obligation to inform people about every breach

No, but the circumstances outlined would be one!

GDPR - sent statements etc of another person

Comments