Hi everyone. I wondered if someone could assist me with figuring out if this approach to marketing is compliant with PECR. A company runs a training platform which hosts short courses on various subjects, Each time someone signs up to a short course, they are presented with the following wording "By signing up to this training session you acknowledge that from time to time you may receive promotional calls from our sales representatives on latest courses and offers. If you do not want to receive calls, please click here. My question is, what lawful basis is being relied on in this instance: c ..read more

submitted by /u/latkde [visit reddit] [comments ..read more

Hi all, I recently submitted an Erasure Request to my previous energy provider and requested that they delete my bank account details as all invoices on the account have been paid and no balance is due on the account. I have also cancelled the direct debit with my bank. The company has refused to delete my bank account details claiming that they are relying on legitimate interests for retaining this information, specifically ‘for the establishment, exercise or defence of legal claims’ that may be the result of an inaccurate indemnity claim being made. The company has also not provided me with ..read more

Can someone please include a link to the most update GDPR with recitals? Sitting for CIPP/e soon. Thank you! submitted by /u/Kindly_Trainer246 [visit reddit] [comments ..read more

Hello, any experts? Is this a worthy complaint to the ICO? Basically, a couple of weeks have passed since the company organisation stopped sending me emails and texts. Though that was the end of it, they have stopped processing my personal data no use to them, so I decided to email the data protection officer to have my data erased and exercise my rights under GDPR somehow. After emailing the data protection officer, the company organisation restarted emailing me right away the very next day because their terms and conditions were set out. If we are no longer processing your data, you have th ..read more

Does anyone have any links or suggestions in courses please? I started a job as a trainee data protection assistant but I'm being delayed and not progressing. I like the job , figured I'd try to find and fund my own training and leave for another company. submitted by /u/Odetospot24 [visit reddit] [comments ..read more

A simple question, I think. If someone makes a DSAR but then retracts it before the data is delivered, is the organisation then at liberty to delete the data? This would still be deletion in response to a DSAR, wouldn't it? And arguably is deletion in expectation of getting another DSAR. Which are both bad. Also, how would one go about proving this happened? Who would one report it to? submitted by /u/soprofesh [visit reddit] [comments ..read more

I’m about to launch a social media site with marketplace functions. I’m kinda confused on what data I have to delete on a request to delete request. For example - do I delete all sales records of a seller - and than the buyer has no info? Or what about complaints against users by other users? Also what do I do about 3rd parties that have access to the user’s info like for submitting sales info for regulations? The list goes on and I’m confused. And on top of that I don’t know what company to go with for compliance. I’m thinking about termly.io - what are your thoughts? Thx submitted by /u/Od ..read more

I booked a suite at the Intercontinental through hotels.com last month. Last week I received an email through the hotels.com app from the Intercontinental saying my payment was not verified upon booking and I need to follow a specific payment link to pay again which will then be immediately refunded once I pay. I work in IT and all the alarm bells were ringing, the only thing that confused me was how these hackers managed to email me as the hotel through the hotels.com app. I immediately called the hotel who told me to disregard the email. They confirmed that my bank details had not been leak ..read more

I have a client who’s wanting to use the emails of their current clients via shopify who havent signed up to their mailing list. They’re planning on sending an email out to every person who’s ever bought from them giving them an option to unsubscribe or stay on the list. I’m unsure on allowing this to happen, is this against gdpr laws? thanks submitted by /u/emxxjw [visit reddit] [comments ..read more