Expert Advice Community

Guest

GDPR - Breaking of Confidentiality

  Quote
Guest
Guest user Created:   Jun 03, 2020 Last commented:   Jun 03, 2020

GDPR - Breaking of Confidentiality

1. I have been in dispute with a care company over an invoice dating from late 2018. Basically the company was trying to charge my mother, who suffers from *** for appointments where they didn't turn up or left early to get to other appointments. I asked for some information under the "Freedom of Information Act 2000" several months back which the care company did not supply. Recently a Debt Recovery company contacted me reference the unpaid invoice. We have been in communication for a several weeks now. This week I received an email from the Debt Recovery company attached to the email was some of the information that I had requested from the care company. The attachments were a copy of my mothers contract with the care company, a copy of her Individual Care and Support Agreement and a copy of my Power of Attorney for my mothers finances.

Are the care company in breach of GDPR for sharing this information with a third party i.e. the Debt Recovery company?

2. What can I do about this breach of confidentiality?

3. Can I take the Care Company to court over this matter? As I am really not happy with them over this!

0 0

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Alessandra Nisticò Jun 03, 2020

I have been in dispute with a care company over an invoice dating from late 2018. Basically the company was trying to charge my mother, who suffers from *** for appointments where they didn't turn up or left early to get to other appointments. I asked for some information under the "Freedom of Information Act 2000" several months back which the care company did not supply. Recently a Debt Recovery company contacted me reference the unpaid invoice. We have been in communication for a several weeks now. This week I received an email from the Debt Recovery company attached to the email was some of the information that I had requested from the care company. The attachments were a copy of my mothers contract with the care company, a copy of her Individual Care and Support Agreement and a copy of my Power of Attorney for my mothers finances.

Are the care company in breach of GDPR for sharing this information with a third party i.e. the Debt Recovery company?

First, you should verify if any privacy notice was given to your mother and if she signed it. She may have given consent to data processing and data transfer.

In any case, Article 6 GDPR paragraph 1 (b), (f) states that data processing (without consent) is lawful when it is necessary to perform a contract between the controller and the data subject or for the purposes of a legitimate interest of the controller or a third party. Therefore, transferring data to collect money for an unpaid invoice is considered lawful.

You should verify with a lawyer if the Member State where you live introduced some internal regulation over data processing in debt collecting procedure which limits data transferring in some way. 

 

What can I do about this breach of confidentiality?

It can be considered a breach of confidentiality only if your mother signed a privacy notice where it was stated that personal data would not transfer to any third party. Otherwise, it can be considered lawful.

 

Can I take the Care Company to court over this matter? As I am really not happy with them over this!

I can understand that you are not happy, you should ask for advice from a lawyer in your own country and verify if there is any chance to defend from their request on the basis of the care service provided. 

You can find more information about data processing here:

You may also consider enrolling in this online EU GDPR Foundations Course:
EU GDPR Foundations Course: https://training.advisera.com/se/eu-gdpr-foundations-course//

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jun 03, 2020

Jun 03, 2020

Suggested Topics

Guest user Created:   Dec 02, 2019 EU GDPR
Replies: 1
0 0

GDPR clarifications

Guest user Created:   Sep 24, 2021 EU GDPR
Replies: 2
0 1

Conversion to UK version of GDPR