Jump to content


Breach of GDPR - County Court Claim ***WON***


style="text-align: center;">  

Thread Locked

because no one has posted on it for the last 1755 days.

If you need to add something to this thread then

 

Please click the "Report " link

 

at the bottom of one of the posts.

 

If you want to post a new story then

Please

Start your own new thread

That way you will attract more attention to your story and get more visitors and more help 

 

Thanks

Recommended Posts

Hello

 

About 3 years ago I had an issue with my pension provider and as a result placed an SAR with them,

however they employed delay tactics and required various forms and ID documents to be completed.

I know I should have done but never pursued the request.

 

However under the new GDPR I submitted another SAR on the 30 May, recorded mail and signed for by them.

They never acknowledged my request and never acknowledged a reminder I sent to them.

Needless to say they have not complied.

 

I intend to issue a claim in the County Court as well as reporting them to the ICO.

I have issued a LBA informing them I will start proceedings after the 14 days of the date of my LBA and at the same time report them to the ICO.

 

Question is,

what will be the nature of the claim,

I am not after the £'s,

I just want the breach against them to be recorded and I want my personal data from them.

 

Also should I report them to the ICO before pursuing a Court claim?

Edited by dx100uk
spacing
Link to post
Share on other sites

  • Replies 75
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

It is possible to recover for non-material damage. It seems that claimants will be able to bring compensation claims even if they have not suffered a financial loss arising from an infringement of the GDPR and potentially even if the damage suffered is minimal.

 

This could include a claim for :

 

Distress.....Anxiety.....Reputation damage

 

Andy

We could do with some help from you.

PLEASE HELP US TO KEEP THIS SITE RUNNING EVERY POUND DONATED WILL HELP US TO KEEP HELPING OTHER

 

Have we helped you ...?         Please Donate button to the Consumer Action Group - The National Consumer Service

If you want advice on your Topic please PM me a link to your thread

Link to post
Share on other sites

Because it is very easy for these people to claim that they haven't received any SAR from you, do you have evidence that sent it? Did you send it by email? If you send it by post then did you send it by recorded delivery? If you didn't do these things and I'm afraid that although it is frustrating, you have opened up a little crack for them to escape liabilities. In that case you should send the SAR again but this time make sure that it is fully tracked in some way or other.

Link to post
Share on other sites

Hello

Yes,

everything was sent by recorded delivery,

 

I also have copies of the tracking code and signature when the request was delivered.

 

It was signed for the next day,

I sent the SAR on 30 May and it was signed for on the 31 May.

 

Regards

Edited by dx100uk
spacing
Link to post
Share on other sites

Hello

Yes, everything was sent by recorded delivery, I also have copies of the tracking code and signature when the request was delivered. It was signed for the next day, I sent the SAR on 30 May and it was signed for on the 31 May.

 

Regards

Link to post
Share on other sites

as a side issue 99% of pension providers now have online portals whereby you can download certainly the full details of your pension

but if you had a dispute before, then that type of thing is sometimes not there.

 

what was the dispute?

why did you sar them?

can w help on that too?

please don't hit Quote...just type we know what we said earlier..

DCA's view debtors as suckers, marks and mugs

NO DCA has ANY legal powers whatsoever on ANY debt no matter what it's Type

and they

are NOT and can NEVER  be BAILIFFS. even if a debt has been to court..

If everyone stopped blindly paying DCA's Tomorrow, their industry would collapse overnight... 

Link to post
Share on other sites

ok worth a try.

 

there are plenty of failed SAR court claims here already.

 

IMHO I would report them to the ICO..yes you can do that over the phone.

 

I know people say they are useless but the times ive done it, within 24hrs they'd phoned whom i'd complained about

and got the matter sorted and the info arrived by email on one the same day

and on another 2 days later by Parcel Farce 48hrs recorded and sign for.

please don't hit Quote...just type we know what we said earlier..

DCA's view debtors as suckers, marks and mugs

NO DCA has ANY legal powers whatsoever on ANY debt no matter what it's Type

and they

are NOT and can NEVER  be BAILIFFS. even if a debt has been to court..

If everyone stopped blindly paying DCA's Tomorrow, their industry would collapse overnight... 

Link to post
Share on other sites

I certainly agree that you should report them to the ICO immediately. However, even if the ICO sort it out I think you should sue them anyway for a very modest amount – say £50.

 

Of course they will try to settle and if I were you I would refuse any settlement and proceed to judgement. Then send a copy of the judgement to the ICO and also to the FCA.

 

This is the only way to deal with these people and to deliver a lesson.

 

Your claim form would broadly be

the defendant is a data controller within the meaning of GDPR

on XXX date the claimant sent a valid request for statutory disclosure of personal data.

The request has been ignored by the defendant

the defendant has breached their statutory duty

the claimant has incurred expenses and also suffered distress

expenses equals £XXX

distress not exceeding £50 at the discretion of the court

Link to post
Share on other sites

I can't see how there would be plenty of failed SAR Court Claims under GDPR, it was only introduced on 25 May so given that compliance is 30 days, so 24/25 June, and any action has to have at least 14 days notice before a court claim can be submitted then there can't possibly yet be any SAR court cases being heard under the new GDPR regulations yet.

 

BankFodder was suggesting that people should be actively pursuing any breaches, if necessary through the Courts. I am happy to pursue this. My only doubt is on how to actually submit a claim with regards to wording the breach and the amount of the claim.

Link to post
Share on other sites

Thank you BankFodder, I just posted but didn't see your posting until after I had submitted it so you have answered my questions.

 

I will proceed as you have advised and keep you posted on progress.

Link to post
Share on other sites

the claim is the same regardless to GDPR coming in, its just now free and a much shorter time limit to comply and with possibly heavier regulations imposed as to why they must comply, than under the old SAR rules.

please don't hit Quote...just type we know what we said earlier..

DCA's view debtors as suckers, marks and mugs

NO DCA has ANY legal powers whatsoever on ANY debt no matter what it's Type

and they

are NOT and can NEVER  be BAILIFFS. even if a debt has been to court..

If everyone stopped blindly paying DCA's Tomorrow, their industry would collapse overnight... 

Link to post
Share on other sites

i pursued a SAR from last year we eventually got an enforcement notice put on the ICO web site which will stay, i have just followed up every couple of weeks with the ico case worker, to see if I can take further action.

Link to post
Share on other sites

This sounds interesting.

 

Please will you tell us more

Edited by dx100uk
Quote
Link to post
Share on other sites

i believe the first action you should do in a dispute is to SAR the company, before any litigation or possible litigation starts. After the 30 days keep in contact with the ICO, they will throw litigation privilege etc but keep asking the correct questions and the truth comes out eventually.

Link to post
Share on other sites

i believe the first action you should do in a dispute is to SAR the company, before any litigation or possible litigation starts. After the 30 days keep in contact with the ICO, they will throw litigation privilege etc but keep asking the correct questions and the truth comes out eventually.

 

yes, but please would you give us more detail of your own story – the enforcement notice et cetera. Where can we find out about ICO enforcement notices? I'm afraid that I certainly haven't heard of them.

Link to post
Share on other sites

Oh sorry bank fodder i will not give away too much at present still on going, but go onto ice web site and look for enforcement notices you will see all the companies on their site who have notices. I am following this up to get a reader penalty.

I can't PM you because i don't have enough posts.hope this helps

Link to post
Share on other sites

You can PM any Site Team member...irrespective of post counts......you PMed me :wink:

 

I think this is what you are referring to ;

 

https://ico.org.uk/action-weve-taken/enforcement/

We could do with some help from you.

PLEASE HELP US TO KEEP THIS SITE RUNNING EVERY POUND DONATED WILL HELP US TO KEEP HELPING OTHER

 

Have we helped you ...?         Please Donate button to the Consumer Action Group - The National Consumer Service

If you want advice on your Topic please PM me a link to your thread

Link to post
Share on other sites

I was wondering if someone could explain something here.

 

I made a SAR and the company responded on the 30th day after my request, but there were huge gaps in the information they provided.

 

I responded with a very detailed letter, giving evidence, of information I know they hold and process. I received a very quick rebuttal, stating they've complied with GDPR and everything else has been deleted.

 

I want to escalate things, so I have made a complaint to the ICO.

However, they made clear to me that they have no powers to force companies to hand over documents etc. containing personal data.

 

A search on here has shown that some people have filed Part 7 claims for a small amount of damages or distress, with a request for an order that the defendant hands over personal data.

 

The confusing thing for me here is that some judges have refused to issue the order to hand over personal data, either because the higher fee hasn't been paid or it should come under a Part 8 claim.

 

I am confident in bringing a claim within the small claims court, but beyond that I would not be comfortable without representation.

 

Anyone any ideas?

Edited by dx100uk
Spacing
Link to post
Share on other sites

We are at the moment, breaking down barriers with GDPR, the ico can issue an enforcement notice on the company if they fail to comply.

 

I am still pursuing to get a monetary penalty, be persistent with the ico.

We have a few with the companies we are having problems.

 

I however have not done any claims at present, but would be interested also to hear of any success on this front.

This is vital that people make SARs it is very important.

 

can we ask who the company is , please don't state if this puts you in a bad position legally.

I have also sent a letter over legal privilege to some of the people who are not being fort coming with my SARs.

 

Very interesting subject GDPR, i am sure successes on this forum will be very beneficial for everyone

Edited by dx100uk
spacing
Link to post
Share on other sites

The problem with the ICO enforcement is that it's only going to be used in cases where there are multiple breaches of data protection law by the same company.

 

The new level of fines seems great on paper, but I would be very surprised if the ICO is heavy handed on non-compliant data controllers.

 

The interesting one with GDPR is that if you suffer material or non-material damages as a result of an infringement of your rights, you can bring a claim against the data controller.

 

The problem at the moment, however, is that the judicial remedy rights and processes aren't set out.

Edited by dx100uk
Spacing
Link to post
Share on other sites

Its not just about higher fees...Part 8 is a completely different process were the claim will be allocated to Multi Track...all evidence must be submitted with the claim (unlike part 7) the defendant does not submit a defence....only a witness statement in response.

 

Part 8 is intended to be used in claims where there is not a substantial dispute of fact and which may be resolved without the same lengthy and complicated pleadings found in Part 7 proceedings. This can often mean the proceedings are less adversarial and procedurally complicated than the more formal Part 7 proceedings.

 

Part 8 must be issued where a party is seeking a declaration of rights under a contract; a declaration relating to the law (where there is an issue regarding the interpretation of a statute); and a declaration of non-liability. Other cases may include costs-only proceedings, a claim for provisional damages which has settled prior to the issuing of proceedings and all that is required is Judgment from the Court.

 

Using Part 7 and stating a small amount of award to keep it in Small Claims Track is incompatible with this type of claim and in most cases will not be accepted.

 

Andy

We could do with some help from you.

PLEASE HELP US TO KEEP THIS SITE RUNNING EVERY POUND DONATED WILL HELP US TO KEEP HELPING OTHER

 

Have we helped you ...?         Please Donate button to the Consumer Action Group - The National Consumer Service

If you want advice on your Topic please PM me a link to your thread

Link to post
Share on other sites

The confusing thing for me is that the ICO's old 'Taking a Case to Court' document says you can use Part 7 claims for specific performance where there is likely to be a dispute of facts.

 

If you submit a SAR and the data controller fails to respond, then I can see how this would be a Part 8 claim as it's straightforward and there is not a great dispute of facts.

 

Whereas if you submit a SAR and the data controller responds with clear gaps in the data they provide, surely this would be a Part 7 claim? You should still ask for an order to be made, but it's clearly not as straightforward as the above case where a data controller does not respond at all to the SAR.

 

I read on a forum (perhaps here?) that someone went down the Part 7/small claims route where a data controller didn't respond to the SAR. At the hearing, the judge made a small award of damages as well as an order for compliance.

 

On the other hand, I have also read on here a case where a judge refused to make an order unless a higher fee was paid. The judge say the order was an injunction, which I don't think is correct as it should be an order for specific performance.

Edited by AnotherLegend
Link to post
Share on other sites

  • Recently Browsing   0 Caggers

    • No registered users viewing this page.

  • Have we helped you ...?


×
×
  • Create New...