Menu
Reply
  • 17
  • 0
  • 4
Albatraous
On our wavelength
113 Views
Message 11 of 14
Flag for a moderator

Re: How difficult is it for Customer service to NOT breach GDPR?

Starting a statement with "You are wrong" is argumentative. How about you look up the information on GDPR on the numerous websites available before trying to present inaccurate information:

"The conditions for consent have been strengthened, and companies are no longer able to use long illegible terms and conditions full of legalese. The request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent. Consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language. It must be as easy to withdraw consent as it is to give it.​

Also known as Data Erasure, the right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. The conditions for erasure, as outlined in article 17, include the data no longer being relevant to original purposes for processing, or a data subject withdrawing consent. It should also be noted that this right requires controllers to compare the subjects’ rights to “the public interest in the availability of the data” when considering such requests.
 
Privacy by design as a concept has existed for years, but it is only just becoming part of a legal requirement with the GDPR. At its core, privacy by design calls for the inclusion of data protection from the onset of the designing of systems, rather than an addition. More specifically, ‘The controller shall… implement appropriate technical and organisational measures… in an effective way… in order to meet the requirements of this Regulation and protect the rights of data subjects’. Article 23 calls for controllers to hold and process only the data absolutely necessary for the completion of its duties (data minimisation), as well as limiting the access to personal data to those needing to act out the processing."
 

People can claim to be calling from an official source all the time, there is a reason why there are so many phone scammers, as it can be difficult to verify the source, especially when they withhold their number. Just because they claim they are calling from Virgin and want me to verify my identity (despite me receiving the call, so I should be verifying them) you cannot prove they are who they say they are. Emails can be ghosted, but it is more unlikely for this purpose. A phone call to check you are happy with the service etc, would be an easy way for a scammer to obtain your security information with a quick check. 

How they contact me is not up to them. They have to obtain consent first. 

What is the purpose of having a preferred method of contact on a complaint form being Email only if they do not use this for complaints? That is just poor design process.

0 Kudos
Reply
  • 2.2K
  • 44
  • 361
DABhand
Super solver
108 Views
Message 12 of 14
Flag for a moderator

Re: How difficult is it for Customer service to NOT breach GDPR?

Ahh that is what I thought you had read, you do realise the form of the data is presented is nothing to do with emails, phone calls etc, it is the file type is to be easily accessible that everyone can use so the customer can receive the data and review it without the need for any other external 3rd party app to view it.

They do not need consent first to contact you, you gave that information when you created your account, you gave them your email address (unless a new VM customer and opted to have that used on creation), landline and mobile numbers (as applicable), address etc.

I recognise the wording, did you get this from ICO's site on consent? Again I think you are misreading into the meaning of the information and choosing particular phrases and words to bolster what you think it means. Again there is nothing there to suggest they have to contact you via your choice.

Here is the sub sections of the Consent section -

  • Unbundled: consent requests must be separate from other terms and conditions. Consent should not be a precondition of signing up to a service unless necessary for that service.
  • Active opt-in: pre-ticked opt-in boxes are invalid – use unticked opt-in boxes or similar active opt-in methods (eg a binary choice given equal prominence).
  • Granular: give distinct options to consent separately to different types of processing wherever appropriate.
  • Named: name your organisation and any other third party controllers who will be relying on the consent. If you are relying on consent obtained by someone else, ensure that you were specifically named in the consent request – categories of third-party organisations will not be enough to give valid consent under the GDPR.
  • Documented: keep records to demonstrate what the individual has consented to, including what they were told, and when and how they consented.
  • Easy to withdraw: tell people they have the right to withdraw their consent at any time, and how to do this. It must be as easy to withdraw as it was to give consent. This means you need to have simple and effective withdrawal mechanisms in place.
  • No imbalance in the relationship: consent will not be freely given if there is imbalance in the relationship between the individual and the controller – this will make consent particularly difficult for public authorities and for employers, who should look for an alternative lawful basis where possible.


Majide!
  • 2.2K
  • 44
  • 361
DABhand
Super solver
107 Views
Message 13 of 14
Flag for a moderator

Re: How difficult is it for Customer service to NOT breach GDPR?

Oops managed to post before I was finished.

Again I will say I hope they fix your issue, but in my honest opinion you are just making it worse for yourself thinking you can force VM to only contact you by email. It will just prolong the complaint to the point they may well just send a deadlock letter to say they couldn't come to an agreement with you and then you have to go to the ombudsman/cisas who in turn will say you were being unreasonable in your demand to be only contacted by email.

I don't want to see you go that route, but if you find it hard to talk on the phone you could always nominate a person to speak on your behalf by giving them the details they can do so. That way things will go quicker.

Majide!
  • 15
  • 1
  • 6
Wickles
On our wavelength
88 Views
Message 14 of 14
Flag for a moderator

Re: How difficult is it for Customer service to NOT breach GDPR?

Forgive me if you've already covered this, but could you not request that they contact you at a time when you'll be available? Late evenings, weekends, etc?

0 Kudos
Reply