IMPORTANT: Please make sure your posts do not contain any personally identifiable information (both your own and that of others). When uploading images, please take care that you have redacted all personal information including QR codes, number plates and reference numbers.
Article 13 GDPR (Data Protection Act 2018)
Comments
-
Just had my first response to a data access request.
The only requirement they met was that they responded.
They responded to my email with an attachment that contained a copy of a pcn the appeal I wrote, some pictures and the reply to the appeal, which I won.
Nothing as to why they had the information still after I won the appeal, nothing about who they shared the information with (i know they previously shared/sold my information with Mil Collections and debt recovery plus). Nothing about how long they would keep the information for. Like I said they met the requirement to respond and nothing more.0 -
Spook - then you need ot complain to theICO, as you have evidence their response is incomplete
A5TEH - you seem to htink they need consent to get your data. They dont. The DCA is merely a processor and the DVLA is entirely fine with them as long as they are still an agent.0 -
Most people are confused by GDPR. After watching many
so called experts on TV, it's still not clear apart from the
fact that companies simply cannot pester you except
companies like your bank, subscription services that you
have opted in or you have a contract with.
It's the contract part regarding parking companies which
on this forum is of interest.
The so called contract is when entering a car park you
become liable to a fee if you break the rules but I have
yet to see any signage that states that by breaking the
contract, you opt-in to your data being passed to a third
party ... IE Debt collectors ?
POFA 2012 and the CoP, came into force for an
unregulated industry and I assume it complied to
the Data protection at the time .....
The CoP allows data to be given to debt collectors
but, does GDPR allow this to happen ?
Contracts with real financial institutions mainly have
a clause that advises customers of their rights and
that they use collection agents and so that will
continue.
This is a regulated industry
Private parking companies and the ATA's are not
regulated
The new government CoP to which we currently know
very little about clearly must comply with the new GDPR
If not, we will be back in the same old farce
confused.com0 -
Surely there is an issue with the fact that the DCA is a third party who does not have any direct rights of access to the DVLA's database (unlike the Parking Management Company who orginally accessed / requested the data originally), so therefore has been passed or obtained the data without the vehicle owners consent? Surely one of the two - PMC or DCA is in breach?0
-
Most people are confused by GDPR. After watching many
so called experts on TV, it's still not clear apart from the
fact that companies simply cannot pester you except
companies like your bank, subscription services that you
have opted in or you have a contract with.
It's the contract part regarding parking companies which
on this forum is of interest.
The so called contract is when entering a car park you
become liable to a fee if you break the rules but I have
yet to see any signage that states that by breaking the
contract, you opt-in to your data being passed to a third
party ... IE Debt collectors ?
POFA 2012 and the CoP, came into force for an
unregulated industry and I assume it complied to
the Data protection at the time .....
The CoP allows data to be given to debt collectors
but, does GDPR allow this to happen ?
Contracts with real financial institutions mainly have
a clause that advises customers of their rights and
that they use collection agents and so that will
continue.
This is a regulated industry
Private parking companies and the ATA's are not
regulated
The new government CoP to which we currently know
very little about clearly must comply with the new GDPR
If not, we will be back in the same old farce
confused.com
Add in to that situation that only the driver could ever agree to their details being processed and it is the keepers details that are processed to the debt agencies.
The PPC will never be able to claim that using a vehicle enables the driver to give consent to the keepers details being processed but the PPC.
Even though the PoFA gives the legal basis for the keeper being liable the PPC are often found to have not been compliant with it (PoFA). So they are opening themselves up to a claim to the ICO every single time they issue a ticket. Every time they themselves up hold an appeal, every time POPLA up holds an appeal where the keeper was not the driver and the PPC are aware they don't comply with the PoFA (NTK etc) they have processed that data illegally.0 -
Again: the DVLA does NOT USE CONSENT as the basis for giving data about RKs out. Never has, and does not need to now
GDPR does NOT change that, at all0 -
nosferatu1001 wrote: »Again: the DVLA does NOT USE CONSENT as the basis for giving data about RKs out. Never has, and does not need to now
GDPR does NOT change that, at all
We are aware of that ..... we are talking about 3rd party
access to data0 -
Even though the PoFA gives the legal basis for the keeper being liable the PPC are often found to have not been compliant with it (PoFA). So they are opening themselves up to a claim to the ICO every single time they issue a ticket. Every time they themselves up hold an appeal, every time POPLA up holds an appeal where the keeper was not the driver and the PPC are aware they don't comply with the PoFA (NTK etc) they have processed that data illegally.
And that I agree with . Scary for PPC's but that would make
the IPC/IAS prone to decline ALL appeals to safeguard their members
against ICO fines0 -
We are aware of that ..... we are talking about 3rd party
access to data
Given the intial data was obtained without consent, what makes you thin they need consent to process it in ways expressly allowed for in the KADOE contract?0 -
nosferatu1001 wrote: »DCA arent a third party, they are an agent of hte data controller (the operator) acting as a data processor
Given the intial data was obtained without consent, what makes you thin they need consent to process it in ways expressly allowed for in the KADOE contract?
The KADOE contract was born prior to the new GDPR0
This discussion has been closed.
Categories
- All Categories
- 343.1K Banking & Borrowing
- 250.1K Reduce Debt & Boost Income
- 449.7K Spending & Discounts
- 235.2K Work, Benefits & Business
- 607.9K Mortgages, Homes & Bills
- 173K Life & Family
- 247.8K Travel & Transport
- 1.5M Hobbies & Leisure
- 15.9K Discuss & Feedback
- 15.1K Coronavirus Support Boards