Your browser isn't supported
It looks like you're using an old web browser. To get the most out of the site and to ensure guides display correctly, we suggest upgrading your browser now. Download the latest:

Welcome to the MSE Forums

We're home to a fantastic community of MoneySavers but anyone can post. Please exercise caution & report spam, illegal, offensive or libellous posts/messages: click "report" or email forumteam@.

Search
  • FIRST POST
    • beamerguy
    • By beamerguy 14th May 18, 7:15 PM
    • 7,793Posts
    • 10,370Thanks
    beamerguy
    For the clever minds on here
    • #1
    • 14th May 18, 7:15 PM
    For the clever minds on here 14th May 18 at 7:15 PM
    For the clever minds on here

    Probably like me, you are starting to receive letters
    or emails from companies you deal with saying that
    to receive info from them, you need to OPT-IN

    This is about GDPR commencing 25th of May 2018

    Whilst I understand that the ATA CoP for the BPA as
    an example, states that PPC's can instruct debt
    collectors which means passing data to DC's, surely the
    new GDPR now overrides this as the public needs to
    OPT-IN and agree to receive unsolicited information

    Considering the parking industry is unregulated, any
    CoP must comply to the law

    https://ico.org.uk/for-organisations/business/

    Thoughts please ?
    RBS - MNBA - CAPITAL ONE - LLOYDS

    DISGUSTING BEHAVIOUR
Page 1
    • Johnersh
    • By Johnersh 14th May 18, 8:22 PM
    • 1,105 Posts
    • 2,127 Thanks
    Johnersh
    • #2
    • 14th May 18, 8:22 PM
    • #2
    • 14th May 18, 8:22 PM
    1. The opt in methodology is one approach to compliance with the GDPR it is not a strict requirement of the legislation.

    2. The GDPR does not prevent debt collection activities but addresses the concept of data held as infinitum with no particular recollection by any party as to how you ended up on a database in the first place.
    "The best advice I ever got was that knowledge is power and to keep reading."
    DISCLAIMER: I post thoughts as & when they occur. I don't advise. You are your own person and decision-maker. I'm unlikely to respond to DMs seeking personal advice. It's ill-advised & you lose the benefit of a group "take" on events.
    • The Slithy Tove
    • By The Slithy Tove 14th May 18, 9:02 PM
    • 3,326 Posts
    • 4,864 Thanks
    The Slithy Tove
    • #3
    • 14th May 18, 9:02 PM
    • #3
    • 14th May 18, 9:02 PM
    How GDPR will work for or against PPCs will be an interesting exercise.

    While one may think that GDPR allows you to have information about you removed, that may be the case when you voluntarily gave it to an organisation in the first place (e.g. bought something from an online retailer). In PPC cases, where they are chasing you for money, I wouldn't think you can simply say "delete my details". I'm sure experts in GDPR would be able to give chapter and verse in such situations where you unwittingly (by entering a car park) "gave permission" for someone to use the car's registered keeper details.

    However, once they have that information, they must adhere to GDPR in its use. If you tell them they have an incorrect address (e.g. you've moved), they MUST use the new address supplied, and they will be in breach if they (conveniently) continue to use the old one. One could argue that once you supply the name and address of the driver, they must remove the keeper's details, as it is no longer required.

    If they pass your details to a debt collector, the PPC is still responsible for the correct use of that data, and liable if the debt collector misuses it.

    Not sure how things like selling an alleged debt to the likes on MIL works (or doesn't) under GDPR. On the face of it, passing on details without the consent of the data subject would be a no-no. But I guess the selling of debt (in more ethical circumstances than what happens in PPC-land) is still a working concept.
    • beamerguy
    • By beamerguy 14th May 18, 9:02 PM
    • 7,793 Posts
    • 10,370 Thanks
    beamerguy
    • #4
    • 14th May 18, 9:02 PM
    • #4
    • 14th May 18, 9:02 PM
    1. The opt in methodology is one approach to compliance with the GDPR it is not a strict requirement of the legislation.

    2. The GDPR does not prevent debt collection activities but addresses the concept of data held as infinitum with no particular recollection by any party as to how you ended up on a database in the first place.
    Originally posted by Johnersh
    I understand what you say but this is not about preventing
    debt collectors, it's the passing of information to them from
    the PPC if the consumer has not OPT-IN
    Last edited by beamerguy; 14-05-2018 at 9:17 PM.
    RBS - MNBA - CAPITAL ONE - LLOYDS

    DISGUSTING BEHAVIOUR
    • twhitehousescat
    • By twhitehousescat 14th May 18, 9:08 PM
    • 1,550 Posts
    • 2,031 Thanks
    twhitehousescat
    • #5
    • 14th May 18, 9:08 PM
    • #5
    • 14th May 18, 9:08 PM
    I forsee that car park signs will have to be rapidly re written to now state that by parking there , they can pass your info onto scum
    Time pretending I was asleep whilst under his desk , has given me insight to this sordid world
    • beamerguy
    • By beamerguy 14th May 18, 9:29 PM
    • 7,793 Posts
    • 10,370 Thanks
    beamerguy
    • #6
    • 14th May 18, 9:29 PM
    • #6
    • 14th May 18, 9:29 PM
    I forsee that car park signs will have to be rapidly re written to now state that by parking there , they can pass your info onto scum
    Originally posted by twhitehousescat
    Would that work when GDPR states that OPT-IN must
    be agreed...... a sign add-on would not cover that
    RBS - MNBA - CAPITAL ONE - LLOYDS

    DISGUSTING BEHAVIOUR
    • twhitehousescat
    • By twhitehousescat 14th May 18, 10:02 PM
    • 1,550 Posts
    • 2,031 Thanks
    twhitehousescat
    • #7
    • 14th May 18, 10:02 PM
    • #7
    • 14th May 18, 10:02 PM
    no dout the parking Cos will amend there NTK with a line that says if you want to appeal then you opt in
    Time pretending I was asleep whilst under his desk , has given me insight to this sordid world
    • beamerguy
    • By beamerguy 14th May 18, 10:08 PM
    • 7,793 Posts
    • 10,370 Thanks
    beamerguy
    • #8
    • 14th May 18, 10:08 PM
    • #8
    • 14th May 18, 10:08 PM
    no dout the parking Cos will amend there NTK with a line that says if you want to appeal then you opt in
    Originally posted by twhitehousescat
    Now, that will be fun
    RBS - MNBA - CAPITAL ONE - LLOYDS

    DISGUSTING BEHAVIOUR
    • twhitehousescat
    • By twhitehousescat 14th May 18, 10:15 PM
    • 1,550 Posts
    • 2,031 Thanks
    twhitehousescat
    • #9
    • 14th May 18, 10:15 PM
    • #9
    • 14th May 18, 10:15 PM
    sign here or dont do independent appeal , how else can they state there story to bill and ben or muppet and Co
    Time pretending I was asleep whilst under his desk , has given me insight to this sordid world
    • beamerguy
    • By beamerguy 14th May 18, 10:28 PM
    • 7,793 Posts
    • 10,370 Thanks
    beamerguy
    sign here or dont do independent appeal , how else can they state there story to bill and ben or muppet and Co
    Originally posted by twhitehousescat
    In their dreams
    RBS - MNBA - CAPITAL ONE - LLOYDS

    DISGUSTING BEHAVIOUR
    • Johnersh
    • By Johnersh 14th May 18, 10:31 PM
    • 1,105 Posts
    • 2,127 Thanks
    Johnersh
    I understand what you say
    I'm not sure you do

    There is no requirement under the GDPR to have an opt in process. You can process data without having any such process and without falling foul of the regulations.

    Many direct marketing companies are adopting a double opt-in to avoid the risks if substantial fines. In practice there may not be huge differences - you contract with a parking company that uses your data in association with its business. The thing is, lots of businesses are interpreting the exact requirements differently.

    The correspondence with addresses that are years out of date ought to cease though
    "The best advice I ever got was that knowledge is power and to keep reading."
    DISCLAIMER: I post thoughts as & when they occur. I don't advise. You are your own person and decision-maker. I'm unlikely to respond to DMs seeking personal advice. It's ill-advised & you lose the benefit of a group "take" on events.
    • beamerguy
    • By beamerguy 14th May 18, 11:05 PM
    • 7,793 Posts
    • 10,370 Thanks
    beamerguy
    I'm not sure you do

    There is no requirement under the GDPR to have an opt in process. You can process data without having any such process and without falling foul of the regulations.

    Many direct marketing companies are adopting a double opt-in to avoid the risks if substantial fines. In practice there may not be huge differences - you contract with a parking company that uses your data in association with its business. The thing is, lots of businesses are interpreting the exact requirements differently.

    The correspondence with addresses that are years out of date ought to cease though
    Originally posted by Johnersh
    OK, I am not trying to argue with you but the first letter
    I received was from BMW who stressed that to receive
    information etc and third party information, I need to
    OPT-IN

    Are BMW not interpreting GDPR correctly ??
    RBS - MNBA - CAPITAL ONE - LLOYDS

    DISGUSTING BEHAVIOUR
    • Johnersh
    • By Johnersh 14th May 18, 11:26 PM
    • 1,105 Posts
    • 2,127 Thanks
    Johnersh
    An over abundance of caution. But also marketing mailshots are prone to being misused or not kept up to speed as well as they might be.

    BMW are on a double opt in. I've had a call and an email (lucky me). In contrast, my client database includes an opt out (similar to requirements anyway) but no new opt in.

    This isn't unhelpful, if you have the time:
    https://www.signupto.com/news/digital-marketing/gdpr-double-opt-in-and-re-consent/
    "The best advice I ever got was that knowledge is power and to keep reading."
    DISCLAIMER: I post thoughts as & when they occur. I don't advise. You are your own person and decision-maker. I'm unlikely to respond to DMs seeking personal advice. It's ill-advised & you lose the benefit of a group "take" on events.
    • beamerguy
    • By beamerguy 15th May 18, 12:41 PM
    • 7,793 Posts
    • 10,370 Thanks
    beamerguy
    An over abundance of caution. But also marketing mailshots are prone to being misused or not kept up to speed as well as they might be.

    BMW are on a double opt in. I've had a call and an email (lucky me). In contrast, my client database includes an opt out (similar to requirements anyway) but no new opt in.

    This isn't unhelpful, if you have the time:
    https://www.signupto.com/news/digital-marketing/gdpr-double-opt-in-and-re-consent/
    Originally posted by Johnersh
    Thanks John for that, interesting read

    The jigsaw is not really complete and confusing

    Collecting information about your
    customers !!!8211; small business checklist
    Data Protection Act


    https://ico.org.uk/media/for-organisations/documents/1584/pn_collecting_information_small_business_checklist .pdf

    I can only count PPC's being small businesses

    It still appears that they must give a person the choice
    of Opting-in or doing nothing which means there is no
    agreement to pass on personal information

    Of course, we all know that the DVLA are allowed to give
    out information currently but surely the General Data Protection Regulation (GDPR) effective 25th May 2018 takes over from any previous data protection act that POFA 2012 relied upon
    Who has OPTED-IN with the DVLA

    The GDPR is somewhat ambiguous
    RBS - MNBA - CAPITAL ONE - LLOYDS

    DISGUSTING BEHAVIOUR
    • Loadsofchildren123
    • By Loadsofchildren123 15th May 18, 4:31 PM
    • 2,224 Posts
    • 3,725 Thanks
    Loadsofchildren123
    If a debt collector is acting as the agent of the creditor, does this come under the GDPR? The GDPR surely can't be used to prevent genuine creditors from pursuing genuine debts via third party agents (which these are until the debt is held non-existent/unenforceable)?
    Although a practising Solicitor, my posts here are NOT legal advice, but are personal opinion based on limited facts provided anonymously by forum users. I accept no liability for the accuracy of any such posts and users are advised that, if they wish to obtain formal legal advice specific to their case, they must seek instruct and pay a solicitor.
    • Umkomaas
    • By Umkomaas 15th May 18, 4:38 PM
    • 18,364 Posts
    • 29,063 Thanks
    Umkomaas
    If a debt collector is acting as the agent of the creditor, does this come under the GDPR? The GDPR surely can't be used to prevent genuine creditors from pursuing genuine debts via third party agents (which these are until the debt is held non-existent/unenforceable)?
    Originally posted by Loadsofchildren123
    'Genuine' seems to be the operative word. Because until a debt is adjudicated (or agreed) as owed, there can be no 'genuine' creditor - surely?
    We cannot provide you with a silver bullet to get you out of this. You have to be in for the long run, and need to involve yourself in research and work for you to get rid of this. It is not simple. We will help, but can't do it for you.

    Give a man a fish, and you feed him for a day; show him how to catch fish, and you feed him for a lifetime.
    • nosferatu1001
    • By nosferatu1001 15th May 18, 6:20 PM
    • 2,850 Posts
    • 3,541 Thanks
    nosferatu1001
    They don't rely on consent to get your data in the first place. So suggesting consent is needed to further process it doesn't seem likely.
    • Johnersh
    • By Johnersh 15th May 18, 7:28 PM
    • 1,105 Posts
    • 2,127 Thanks
    Johnersh
    Nope you're all still focussing on the opting in and out. That's key to marketing perhaps, but really not the focus here.

    If I read it correctly, the need to process data for the purposes of law or contract is what the PPC will rely on. See link below at 1(b) and (c).

    https://gdpr-info.eu/art-6-gdpr/
    "The best advice I ever got was that knowledge is power and to keep reading."
    DISCLAIMER: I post thoughts as & when they occur. I don't advise. You are your own person and decision-maker. I'm unlikely to respond to DMs seeking personal advice. It's ill-advised & you lose the benefit of a group "take" on events.
    • Coupon-mad
    • By Coupon-mad 15th May 18, 8:00 PM
    • 59,465 Posts
    • 72,641 Thanks
    Coupon-mad
    I think for a non POFA NTK, the PPCs would rely on 'legitimate interests' in 1(f).

    Neither of these (b or c) can apply if non-POFA and the keeper wasn't the driver, so not a party to any contract:

    (b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

    (c)processing is necessary for compliance with a legal obligation to which the controller is subject;
    PRIVATE PCN? DON'T PAY BUT DO NOT IGNORE IT TWO Clicks needed for advice:
    Top of the page: Home>>Forums>Household & Travel>Motoring>Parking Tickets, Fines & Parking - read the 'NEWBIES' FAQS thread!
    Advice to ignore is WRONG, unless in Scotland/NI.

    • kryten3000
    • By kryten3000 15th May 18, 8:06 PM
    • 57 Posts
    • 111 Thanks
    kryten3000
    Consent is a red herring if a company has another reason to hold and process your data.

    Where it gets interesting is the removal of the 10 for a SAR - so you can demand all the information held about you for free and in addition as others have already mentioned, not correctly updating information when informed of an address change, for example, could result in large fines.
Welcome to our new Forum!

Our aim is to save you money quickly and easily. We hope you like it!

Forum Team Contact us

Live Stats

357Posts Today

4,824Users online

Martin's Twitter