For around ten years I've been recommending the domain and hosting company One.com to many of my friends and clients. In fact, one client who I signed up to One.com around six years ago has caused me a little bit of annoyance over the last few weeks.
It seems this client hasn't paid their bill and owe One.com money for their hosting. How do I know this? Because unbelievably One.com sent me an email telling me about the former client of mine's inability to pay their bills, despite the fact I am not an authorised admin of their account.
Furthermore, One.com shouldn't have been contacting me via the email address they used, as I removed it from their system at the time I set up the account and handed it over to my client, therefore withdrawing their consent to contact me via this contact method.
So, I contacted One.com's support team and said "this email is not intended for me" and I asked them to remove my email address from their system. To my amazement, they came back and refused to. They told me the owner of the account needs to remove my details. This is not the case, data protection law states that if an individual requests to have their information removed from a company's database then the company must oblige.
The law also states that personal data should be retained for no longer than necessary, and that inaccurate personal data should be corrected or deleted. So, as I had already removed my email address from the account, six years on it should have been completely removed from One.com's database.
In May next year, the General Data Protection Regulation (GDPR) comes into effect. One of the key things a company must do in order to be compliant is erase an individuals personal data upon request if the data is incorrect, out-of-date, or if consent has been withdrawn.
Failure to comply with these new regulation can result in a fine of up to 4% of the annual worldwide turnover of the company or €20m, whichever is greater.
Although the new regulations don't come into effect until May, the rights of an individual in the case of my dispute with one.com haven't changed. GDPR just ensures that companies are compliant and imposes a new harsher penalty, the fine, for those who fail to comply.
With that threat of a terrifying €20m fine fresh in our minds, I ask you, how would you have handled my query? Here's my full conversation with One.com's infuriating support team...