Breach of GDPR by Managjng Agent?

DullGreyGuy

aj16_2 said:

Managing Agent for my property recently sent a service charge payment reminder by email. They also ccd in 16 other personal email addresses? Is this a GDPR breach? Nobody consented to having their personal information shared and  I wouldn't have thought this falls under 'lawful reason'.

This is the 1st time something like that has happened. No financial information was shared, just personal emails. I am putting this down to human error but if this is a breach surely I should be reporting this?

I am not after anything but, in the 1st instance, an apology should be issued to all those concerned (I have already emailed managing agent). 

Who are the other 16 people?

Presumably they are your neighbours? If so it's technically a breach but a minor one that would be cleared up with a basic apology unless someone comes forth saying they've a major issue with one of the other people on the list etc. 

If they are other people at the MA like the finance team and credit control etc then its unlikely a breach however they should really setup distribution lists or shared mailboxes. 

Ergates

Jumblebumble said:

sheenas said:

This is a GDPR breach and you can report it. Disclosing emails which uniquely identifies you should not happen. I would raise a complaint with the company first.  

I imagine the overworked ICO will not be in the slightest bit interested.
This is a matter that is best dropped as it will go nowhere

Whilst I agree the ICO would be incredibly unlikely to take any action on a breach like this, that doesn't mean the OP should just drop it.

An email to the agency pointing out their error, pointing out this is a breach of GDPR, and asking them to take more care in future would only take a couple of minutes and is fairly like to work.

aj16_2

An apology from managing agent is what I'm looking for. Not a serious enough issue for ICO to bother about, I would have thought. The other 16 people in email are neighbours. In fact, looking at email again they were not even ccd in - was just a message sent out to everyone. That alone is totally wrong and unprofessional.

I have already emailed managing agents for an explanation. Unrelated, but this company has actually been on tv programme 'Rip off Britain' 

Jumblebumble

Ergates said:

Jumblebumble said:

sheenas said:

This is a GDPR breach and you can report it. Disclosing emails which uniquely identifies you should not happen. I would raise a complaint with the company first.  

I imagine the overworked ICO will not be in the slightest bit interested.
This is a matter that is best dropped as it will go nowhere

Whilst I agree the ICO would be incredibly unlikely to take any action on a breach like this, that doesn't mean the OP should just drop it.

An email to the agency pointing out their error, pointing out this is a breach of GDPR, and asking them to take more care in future would only take a couple of minutes and is fairly like to work.

On reflection I agree  an email to the agency would do no harm

Undervalued

user1977 said:

It is of course useful information should you wish to collaborate with the other recipients about a complaint (or sacking the agent, if that's within your power).

Surely making use of information you shouldn't have would also be a breach of the rules?

Yes the OP can report it to the information commissioner if they feel strongly about it and the agent might get a minor slap on the wrist. However, once the cat is our of the bag you can't get it back in!

user1977

Undervalued said:

user1977 said:

It is of course useful information should you wish to collaborate with the other recipients about a complaint (or sacking the agent, if that's within your power).

Surely making use of information you shouldn't have would also be a breach of the rules?

Private households do not generally speaking have to abide by the same rules. Hence why you don't have to register as a data controller in respect of e.g. your addressbook.