I can assure you it is true, Vanquis did not send me the letter/email requesting to be allowed to continue communicating after 25th May 2018 (when GDPR came into force) and that removed all permissions, and effectively makes their T&Cs void. Yes, you give permission on original agreement, but the introduction of GDPR on 25th May 2018 means they need to have your consent to discuss your account with a third party. It means they have to write to you requesting that you give your consent to them 'selling' or 'discussing' your account to a third party. One thing they could have done was send out updated T&Cs for you to sign and return but if you didn't return them you were not agreeing to them, that's the loophole, returning them meant you agreed and third party permission was granted.

If you haven't renewed Vanquis's permission to discuss your account with third parties since 25th May 2018, then it's not allowed meaning Vanquis and Arrow Global have both breached GDPR by transferring your account. Give both 48 hours to resolve this, and raise a GDPR breach with the ICO if they don't agree. I received the same notice, Arrow Global didn't really care but Vanquis pooped themselves bigtime when I said I was going to ICO if they didn't get the account back in 48 hours, it was sorted by making a complaint and getting it escalated immediately highlighting the threat of legal action if it wasn't sorted in time. Please if you have received a notice or receive one in future, do the same as me. Vanquis need to stop this practice immediately, as too many complaints to the ICO will land them in the courtroom with threat of heavy fine or complete closure of their company. It is the same for all organisations in regard to your data, so challenge every chance you get, and stop your data being freely passed around. Email sent to Arrow Global with subject: GDPR Breach (Ref:{as they quoted}) Apparently Vanquis sold my account to you. I am seeing this as a breach of GDPR as my details are not allowed to be given to third parties by Vanquis. Return the account to Vanquis by end of business Friday, and NEVER contact me. Any contact from you will be seen as you breaching GDPR too, and it's content will be ignored, this includes any response to this e-mail. Email sent to Vanquis with subject: GDPR Breach (Ref:{account number}) Apparently, you have sold my account to Arrow Global, I am seeing this as a GDPR breach, as you do not have my permission to pass my details to any third party. While my contract with you started in YEAR, any permissions would have been removed on 25th May 2018 when GDPR came into force, and since that date I have not given my permission for my details to be passed to any third party. Please ensure my account is back under your control by end of business (2 days time), and I have instructed Arrow Global to do the same. I will not deal with Arrow Global, and if my account is not back with you in time, then Vanquis will be reported to all necessary authorities, with aim of getting you closed down completely, or at least heavily fined at a minimum.

If you haven't renewed Vanquis's permission to discuss your account with third parties since 25th May 2018, then it's not allowed meaning Vanquis and Arrow Global have both breached GDPR by transferring your account. Give both 48 hours to resolve this, and raise a GDPR breach with the ICO if they don't agree. .