Re: Confusing and unworkable
The problems are in interpretation - what claim needs to be made that it is relevant for you not to delete it for example ?
As an example I used to use paypal - they have all my details, credit card, bank details, etc.
When I'd had enough of their complete disregard for any oversight process, and realised I did not want anything further to do with them as I did not trust them (as a US company AND as paypal) to look after that personal data, I asked for my account to be closed.
At this point they said 'sure - just give us a full copy of your driving licence and password so we can 'identify you'.
Now they were quite happy I was 'me' up to this point - debiting my CC when I make purchases, sending me shite spam, screwing me over as a seller, etc...
And as the whole point is that I don't trust them as far as I can spit, I was damned it I was going to give them copies of 2 important documents - probably the 2 most important ones I own, neither of which they have any right to view AT ALL.
So they refused to close my account. On talking to the Financial Ombudsman I was told 'tough - we can do nothing'.
That was 2 years ago - and still they won't close my account and remove my data.
So - will GDPR force them to do so ? I'd like to think so, but I don't see how it will. They can still claim either:
- prove who you are by giving us even more personal info that we have no legal right to whatsoever then trust we'll delete it after cause like we have a great track record for that....
- claim it's still 'relevant' for some shite reason or other they make up.
So frankly I won't be holding my breath on anything changing AT ALL with GDPR with big foreign (usually US) based companies/wankers like PayPal.