How to report UK GDPR violation from outside UK
January 25, 2025 11:19 PM   Subscribe

I have a similar (slightly different letters) name-based email address to someone from the UK and I have received several of that person’s paystubs by email. I would like to draw the proper authority’s attention to this.

I have responded directly to the person who sent the paystubs to me and they apologized and then proceeded to send me two more paystubs. Then I started getting some kind of grapevine emails?! I reached out to what I believe is the employer (different from paystub email address) and haven’t heard anything back.

I have tried to find my doppelgänger on social media but have been unsuccessful. Let’s say that our name is common enough that there is a prominent person from my hometown in the USA with the same name who is not me and there are many people in the UK and US with our name or our name with one or two letters changed.

I can’t really tell from the UK GDPR website if there’s a way to report on someone else’s behalf but I would really like to stop these emails to me and ensure my doppelgänger and only my doppelgänger receives their paystubs
posted by Francies to Computers & Internet (4 answers total)
 
If you use the reporting function at the Information Commissioner's Office, select "Make a complaint about how an organisation has used your personal information", the first question allows you to select "An organisation has sent me someone else’s information by mistake". There is also the option to contact them by telephone.
posted by paduasoy at 12:41 AM on January 26 [3 favorites]


Did you mention GDPR to them yet?

I've had decent luck with replying back that 'by sharing this information with me, a stranger, you are violating GDPR'. (Even better if you can quote a section or mention a fine.)

I actually doubt the report would achieve much (they're probably busy with bigger fish), but if the 'threat' stops the e-mails, you'll have achieved your objective.
posted by demi-octopus at 12:52 AM on January 26


Go to the sending company’s website, scroll to the bottom and see if there is a link called “Privacy”. That should send you to the company’s privacy policy, and have a way to contact them to report a privacy breach. It will go to their privacy office, which must investigate and should fix this. If the company is too small to have this, send to the CEO. And definitely mention GDPR violation in the email.
posted by Sukey Says at 2:54 AM on January 26 [1 favorite]


Mod note: One removed. Please limit comments to answers (see note below comment field). If you think there's a better way to handle a poster's problem situation, be respectful. We are here to help.
posted by taz (staff) at 8:51 PM on January 26 [1 favorite]


« Older Ukraine donation?   |   Decent/safe youtube/other for my 7 year old? Newer »

You are not logged in, either login or create an account to post comments