Carrier:
Royal Mail
Envelope Detail:
White C6
Front: Top left; PRIVATE & CONFIDENTIAL
Top right; Royal Mail logo, coded C910009
Reverse: Top center; Return Address (Please DO NOT use for correspondence
Bottom left; SCBAR52 (02.16)
Bottom center; The mill producing this paper supports sustainable forestation
Sender:
Barclays Bank
Category:
Financial
Nature of contents:
Barclayloan Plus Arrears Notice
[More great entries! PS. According to Google Analytics, for the last 28 days, there were over 16,000 visitors to this site – how fantastic is that! – Admin]
larkstar 3 weeks ago –
Annual Cash ISA/Savings Account Statement.
But which is it? Loan arrears notice or ISA statement?
Barclays. Notice of closing an old account with nothing in it.
Keep getting letters from these people despite the addressee not being known at our address. We send them back marked “Addressee unknown” etc but they still keep coming
They are legally required to update their records (Data Protection Act). I believe they have 40 days to update their records once you have informed them.
The EU’s GDPR superseded the UK’s Data Protection Act 1998 back in May 2018 whilst the UK was part of the EU, and so EU Regulations were enforced. Although now post-Brexit and no longer part of the EU, I think I heard that the ICO is considering re-introducing a UK’s own, complete, legislation, like the DPA ’98 once was. Until then…
GDPR Article 16 relates to ‘Right to rectification’ which says “The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her”.
Unfortunately there isn’t any defined timescales associated with Article 16 – just the reference to “without undue delay”. The 40 days is the old DPA ’98 relating to the timescale for processing Subject Access Requests – what is now known as Article 15 ‘Right to Access’, which I think is now one calendar month.
All that said, I have the feeling that the issue is this wording: “The data subject shall…..inaccurate personal data concerning him or her”. If you receive a piece of post that is not addressed to you – its your property, but the information (the item of post) is in someone else’s name – they are the ‘customer’ of the company writing the letter and therefore the ‘data subject’. I don’t believe there is a legal basis for phoning a company to inform them that another person (a third-party) has a different postal address. You would be in effect telling a company to change a complete stranger’s personal record; no different to a stranger calling up a supplier of yours and telling them that you no longer live at your address! Under GDPR, only the data subject – the named person who’s information it is – has the authority to change information held about themselves (unless provided consent for a person to act on their behalf – common like for a Utilities account where the account is in one name but a partner does all the interactions).
Now, this isn’t to say that the company won’t work with you. I would guess that some companies would welcome being told, like when they respond with something like “Thank you for letting us know – we will make a note of this”. That ‘note’ is possibly not them changing the address, but something like putting a hold on any letter communications, noting that the recorded address on their record is ‘unverified’. Other companies may not accept being told by a third-party – such as a Debt Collection Agency – where its an invasion tactic to tell them that a named individual is not at an address; they would need to confirm / verify it for themselves – perhaps like a visit. Or maybe, I’m speculating, that some companies like finance related must ignore your contact and continue to write to the individual at your address, to demonstrate that they trying to contact the person until told otherwise only by that person.
There are other clauses and general principles to operate by in the interest of a company not causing impact (e.g. harassment) from their proccessing.
So overall, yes, do communicate with the company, explain the situation (that the named person doesn’t reside at the address), explain any adverse impact that their communications are causing you, and try to work with them on a solution. But sadly, to my knowledge, I don’t think there is that clear legal basis – that GDPR or others provides – that you can base upon to force the company to act. As such, it might be best to not contact a company with full-force and threaten them with quotes of legalities that may not hold water. Personally, my experience is that a polite, professional, calm, cooperative approach wins most times over forceful demands.
A disclaimer of course that I’m not a legal professional, and this should not be taken as legal advice. It’s just my personal interpretation of the legislation as it’s published along with personal views.
M.