Their reply to my request to delete my data:

Thank you for your email requesting your right to be forgotten.

In order for us to carry out this request, we require proof of ID to ensure we only action requests made by the genuine owner of this email account. Acceptable forms of identification are,

  • Recent utility bill from the last 3 months (e.g. Gas, Electric)
  • Valid drivers License
  • TV License within the last 12 months
  • Council Tax Letter within the last 12 months
  • Title Deeds
  • Piecemakers@lemmy.world
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    1
    ·
    1 year ago

    1.) Ask for a listing of all the information they have about you.

    2.) If your aforementioned Deletion request (see title) is missing from that list, they are likely breaking compliance rules.

    3.) …

    4.) Profit!

      • drre@feddit.de
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        they they need to id you everytime you exercise your gdpr rights. there is nothing they can do about this.

        • AdvicePleaseThankyou@kbin.socialOP
          link
          fedilink
          arrow-up
          5
          arrow-down
          2
          ·
          1 year ago

          That’s just not true, I’ve put through a ton of requests in the past, for companies that had much more sensitive data (like payment details) and have never been asked for ID.

            • AdvicePleaseThankyou@kbin.socialOP
              link
              fedilink
              arrow-up
              6
              ·
              edit-2
              1 year ago

              Which they can by asking me to confirm who I am from the information they already have, the whole point is that they’re demanding I provide additional documentation to prove my identity, which is complete overkill* and something that I have never come across, and shouldn’t have to comply with.

              But either way, if they need my ID before they’ll provide my info, asking for it to try and catch them on a mistake only to be met by the same barrier (them demanding ID), it isn’t going to work…

              *(My brain can’t deal with that document you linked right now, but the relevant governing body here (ICO) say “The organisation might need you to prove your identity. However, they should only ask you for just enough information to be sure you are the right person.”

    • drre@feddit.de
      link
      fedilink
      arrow-up
      1
      arrow-down
      2
      ·
      1 year ago

      i doubt there is profit to be made. it’s more to keep them busy and learning about gdpr.