Not sure. Sexual harassment? Breach of the GDPR Act 2018?

[chrisie16]

My car broke down, on the way to an interview, and I called my insurance people, because I have breakdown cover with them. This was at 1.15. lunchtime. I was parked in a lorry car park, so off and away from the main road. At 15.15 a guy arrived and said I needed a recovery vehicle. It would arrive at 17.30 ish. After several phone calls, I was finally recovered at 21.00 and because it was now so late, he was not able to take me to a garage, only my home address. We finally got to my home address at 10 pm. Poor guy. He looked so knackered, I offered a cup of coffee. He accepted, and I made coffee. This is where it went downhill, very rapidly. He asked me my first name, which I told him. He then asked my age, which I didn't. He asked if I had his mobile number, and I said no. He then tang my mobile, so his number was a missed call. He told me "you've got my number now, you can call me, day or night, even in the middle of the night, if you need servicing". I was so gobsmacked. I couldn't even think. All I thought was, did he actually say that? Really? He did say that, he really said that! He left, and gave me a hug, on the way out. He drove away, and I was still reeling slightly. Sadly, he came back, in his recovery vehicle, and sat outside my building, for another 10 minutes. I received another two text messages from him, one stating that I now have his private number. This was all on a Friday. I got up on Saturday morning, checked my phone, and I had a missed call from him, at 3.30 in the morning! I have reported him to my insurance company, the people who provide the breakdown cover within my insurance policy. I have also reported him to the local police, who say that no crime has been committed, but they are aware of him now.

However. This man still has ALL my details, kindly provided by my insurance company. I understand that this needs to be shared, if I need rescuing after a breakdown. I do not like the fact that this individual has all my personal information. He has my mobile number. My email address. He knows where I live, and has my vehicle details. I am NOT a happy chappy. The GDPR Act 2018 states that my information should be kept safe, secure and not misused.

He came on to you after you invited him in for “coffee”

He was forward in his intentions and you didn’t rebuff them or decline them

He gave you his number and you didn’t decline or say you were unhappy with this.

He hasn’t broken any laws or committed a crime.

Where you on the POP last night your posting style is erratic to say the least.

*were

He was absolutely in the wrong, he sounds sleazy but I don't think he can be labelled as some sort of sex offender. You let him know in no uncertain terms that you weren't interested, which is credit to you, and you followed up with your insurance company, which was exactly the right thing to do. I'm sure that will be the end of the matter. He wasn't to know about your previous abuse, and it wasn't his fault you lost your job. Perhaps think about upping your security so that you feel safer. Never invite strangers into your home, and finally, get proper breakdown cover! You should have been recovered within 2 hours I'd you were with one of the reputable companies. X

Sorry but inviting a man you don't know in for coffee at 10 pm is a risky thing to do. It's not the same as offering a tradesman who's in the house already a cuppa.

Obviously that has nothing to do with his subsequent behaviour which is creepy and wrong

I also don't get what this has to do with GDPR. Of course he had to know your details to do his job. Loads of people do - banks, doctors, etc. Inviting him in was the risky bit and that was not the insurance company's fault. There's obviously no way they can force this person to forget about you now anyway. I imagine they will probably sack him if they believe you.

Yeah he may be an unprofessional creep but it doesn’t mean he’s a rapist/wants to kill you. You’re overreacting.

It's not the GDPR Act. GDPR is a regulation (hence the R). In domestic law it's the Data Protection Act 2018.

No I don't think it's a breach of the DPA as he needs to know that information to do his job. But it is a concerning matter and you were right to report it to the police and his employer.

Everything else aside, concentrating on the legislation. Yes he has breached GDPR, he LEGALLY has to delete your details from his phone. If I were you I would contact the company, tell them you are not happy with the way it has been handled and you don't feel safe. The key is to say you feel your rights and freedoms have been affected, because in my opinion they have, you feel harassed and unsafe at the misuse of your data. The company should compel him to delete the details (he has a legal obligation to do so, if he doesn't he could be convicted).

If they do not handle, complain to ICO directly. All the details will be in the privacy notice. The insurance company are obligated to rectify the actions of their staff when they have breached.

He’ll probably just mutter about ‘mixed messages’ to his managers and never bother you again.
Never mind anyone saying you shouldn’t have invited him in for coffee, he shouldn’t have accepted. He wasn’t being safe, he wasn’t being professional and men need to learn that the easiest way to avoid being complained about for sexual harassment is to never put themselves in a position where anyone can accuse them of it. Lots of men manage that and I have no sympathy for the ones who don’t.

@oblada it's a clear breach of principle 2, of article 5 of GDPR.

Why on earth did you invite him in for coffee?

The OP's messages are a touch...odd at times, but there's still no excuse for this sort of shit these days.

I think it was a misunderstanding.
Inviting someone in for coffee is usually code for sex. He probably called you at 3am for a booty call.

Your previous comment about lying down for him to rape/service you is hysterical. Nothing about what you've said makes me think he's a rapest. Just a bloke who understandably didn't know you didn't know coffee is usually code for sex.

Whilst I'm not denying he was unprofessional, you are being hysterical and completely over-reacting. I can see why he could confused as you inadvertently implied that's what you wanted. Unprofessional but I don't think he's going to rape you or damage your car!

GDPR only applies to companies not individuals. The company used the data reasonably for its intended purpose.
An individual chose to use it inappropriately. He behaved like a sleaze but he was invited in at night, which is odd for a single woman to do.
You’re overreacting and should have shut him down clearly much earlier on. You should have told him to wait and taken a coffee out to his lorry, if coffee you must.

@CherryPavlova no that's wrong. If that were true any employee could go rogue with the company's data and the company wouldnt be liable, they are. This is why GDPR puts so much weight on the accountability principle ensuring demonstration of compliance such as staff training and policies. Just look at the Morrison's case.

Also, the ICO can convict individuals. For example if you stole company data and posted it online, you are personally convicted. The ICO look at the company's policies, reactions etc to decide if they also had a liability.

GDPR doesn't cover personal data processed by an individual for personal use, but it does apply individually in terms of compliance in a public environment.

He’s behaved inappropriately but this nonsense about your data is waaay ott. He needed that information to do his job, which he did.

Yes but then the creep used the data for his own personal means. I mean offering to 'service' her I doubt he was on about changing her spark plugs.

I personally wouldn't have invited a random breakdown man in for a coffee at 10pm at night. You need to be more concerned about being safe than being polite to men. He should have coffee in his van if he gets tired.

Block his number and forget him, I wouldn't worry too much.

I think it was a misunderstanding.
Inviting someone in for coffee is usually code for sex. He probably called you at 3am for a booty call.

I don't even know where to begin with this.

OP, you are not overreacting. His behaviour was creepy, intimidating and unprofessional. There is no possible way that he could have actually thought you were offering sex in the circumstances you describe. You did the right thing in contacting the company.

When you invited him in for coffee at 10pm, he saw that as an invitation for sex - he then gave you his number and hugged you and you didn't discourage it.

I think he was chancing his luck because you invited him inside late at night and he was hoping to get his leg over!

However I don't think he's done anything wrong as such. He can't suddenly forget where you live - just block his number and move on. You have no reason to think he's going to threaten you or cut your brakes or anything like that. He tried it on with you and got rejected - most likely that's the end of it.

Personally I wouldn't invite a stranger into my home at 10pm regardless of my intentions. You didn't know this man from Adam and he could have done anything to you!

Littlemisswhoknowswhat Your post is disgusting.

The OP has done nothing wrong.

@purpleolive Morrison’s, as I understand, was completely different.
The company were found liable at appeal because their database was insecure and a vengeful ex employee could still access the system.

The company had failed to secure the data from inappropriate use. It wasn’t prosecuted because of the ex staff members actions towards an individual but because they had systems failings that affected thousands.

In this case it was an individual using information, they had a right to see, outside of the intended use. It would be very difficult to prosecute this as a company failing unless large numbers of their staff behaved in a similar way.

I would get back to both the insurance co & the recovery co to challenge this:
"the individual concerned has been dealt with in the strongest possible manner".

• demanding to know exactly what steps have been taken, & informing them that if they respond a second time with cliches & non-information, that I would be instructing a lawyer to follow up on my behalf.

@CherryPavlova no if you look at the ruling security was not the direct issue and not what they ruled on, they did act on individual's actions, controversially, Morrison's are appealing and a lot of us in DP are eagerly awaiting the appeal because it sets quite a strong precedent (not one I agree with!)

The fact of the matter is it doesn't matter whether he acted "alone" or not, GDPR still applies because he got he data through his employer and misused it. It is still the duty of the employer to report it if it passes the threshold, it is up to the ICO to decide whether to go after the individual, employer or both. The fact it was an individual acting alone has no bearing on whether it is a breach or not, and does not exempt GDPR as you implied.

Ignore the trolls OP. You did the right thing, both in being polite by offering coffee and by contacting his employers when he took advantage of it. Seriously, who the hell hugs a customer? Who the hell uses a phonenumber acquired through work for personal harassment calls.

Personally I hope they did fire him, because he was way out of line. All companies these days have a policy about respecting people's boundaries there is no way his does not or that he is unfamiliar with it.

Behavior like his needs to be nipped in the bud and not left to spiral out of control. Trust your gut. It's usually right.