We have just got a new puppy, turns out she is a rich source of potential data protection and GDPR breaches. 🙂

Lets start with trying to insure her.

We already have another dog so I rang to get a quote for adding her to the policy. The lovely person gave me a quote and then asked if I would like it emailed to me. I said yes, this was my first mistake. I got the email confirming the rate for the new dog. 3 days later another email prompting me about my quote, 4 days after that another email and 4 days after that another email and 3 days after that another email and 3 days after that another email. Make it stop I hear you say. So I unsubscribed and that is where you hope the story ends. But I wouldn’t be writing this if that was the case. Two weeks after the last email, I get a very important update about my policy. Thinking this must be about my original dog I open it and it is telling me that my quote for the second dog has expired. Feeling slightly exasperated I call the company and ask to speak to their data protection officer. I get asked why and I say that my request to unsubscribe has not been complied with. I get told someone will call me back.

So someone calls today on my mobile claiming to be from the pet insurance company and they tell me I need to confirm my name, address and date of birth. I say I have no proof they are who they say they are, they called me. What is it about? It’s about my expired quote! They tell me that I can’t have received all the emails I have got because they only send the first confirmation and then two chasers. No you don’t. I’m also told that the unsubscribe doesn’t remove me from all the mailing, hence the important update one. No, unsubscribe should mean unsubscribe. The operator also tells me they hadn’t breached the Data Protection Act as they hadn’t shared my information with anyone else. Well that’s a relief but they have breached the Data Protection Act by not abiding by my wishes to unsubscribe.

What should we be learning from this?

  • Unsubscribe means unsubscribe unless you have a contract with them that requires the individual to receive updates or your unsubscribe gives the individual the choice to update their preferences.
  • When you say yes to receiving an email confirmation what does that mean? Under GDPR companies should be explaining exactly what they are going to use your data for and how you will be contacted. This company would fail that test.
  • Asking me to confirm my identity when they called me is probably a bit over the top. They weren’t giving me any personal information and if they had by chance got someone else by mistake, I’m sure they would have loved the conversation over my unsubscribe.
  • Do your staff know enough about the Data Protection Act and GDPR to know when they are breaking the law? If not they need training.