The Outsourced DPO – how not to chat someone up in 2020

By Myles Dacres

Yesterday, a colleague sent the Outsourced DPO this link  Sure it happened in September so it may already be old news.  It reminded me of a case way back in 2011 (sometimes it pays to have been working in the field of data protection for decades!) in which a hospital worker was prosecuted for contacting a woman on Facebook following her brief stay in an Edinburgh hospital after using her hospital records to make contact.

A few generations back it might have been considered quite sweet to put in some leg-work in order to contact someone you fancied, but these days it is perceived as creepy.  It’s also against the law if it involves the mis-use of personal data.  In both cases, the recipient of the unwanted messages was horrified to be contacted out of the blue.

Maybe it’s not the initial contact that is extremely offensive – perhaps the scary thought is that once someone knows your phone number and/or a few minor details about you, it is very easy for them to drill into your life.  Within a few clicks they know your friends, see your snaps, know what you like and your hobbies and, depending on how much of a poster you are, they could even discover where you live, work, how and when you travel between the two and your habits.

When the Outsourced DPO went to The Poorhouse and other local hostelries a few weeks ago to review the test and trace arrangements (and naturally to check-out the beer too), the visitors’ log book was managed by staff and hidden from view.  The ICO’s test and trace guidance for organisations is good, but arguably inaccessible to many small business operators: we can’t necessarily expect them to understand the nuances and application of data protection law.  In the spirit of unity that Covid-19 has brought about, the Outsourced DPO produced some free to use materials to help which we have been sharing with the small business community.  Some of them are on the DPP website – please contact us for further information or for other resources that you might need.  You don’t want to be the story being referred to in 10 years’ time!

Contact Us

Send us a Message

Data Protection Project
GDPR Gap Analysis/Audit/Review
Outsourced Privacy Officer/DPO
Support Desk
SAR Support
Cyber Maturity Assessment
NIS Regulations
Information Governance Documentation
DataWise System

We are always happy to make contact with you by either phone, email or a face to face meeting at our office or yours. We work standard UK office hours – every week day 0830 to 1730.


We have been advising those people who have contacted us that they should make a complaint to the Information Commissioner’s Office (ICO) using this link  It would be helpful to the ICO if you knew the number that called you, the date and time of the call and what the call seemed to be about.

You might also want to register your phone number with the telephone preference service (TPS), a national suppression service which should cut down calls of this nature as it is not lawful to make unsolicited direct marketing calls to numbers registered on the TPS.  You can register your number here

We know that these kind of calls can be distressing and intrusive and you have our sympathy.  Please do not hesitate to contact us if you would like to discuss it with us otherwise we’d encourage you to report it to the ICO as notifying them of this kind of practice enables them to investigate and take enforcement action where necessary.  You can see the action that has been taken by the ICO here

Data Protection People Limited – March 2021