Hi Radka
This begin when during the verification process of my account and a request of funds withdraw by me the business start to make all the process difficult and dragging in time.
During this process I received one email from the business where 2 individual names of Third Parties was disclose. This Information was taken from my bank statement ( provide for the purpose of address verification only). This information was taken and disclose by the business without my consent or authorization and without consent or authorization of the same 2 individuals Third Parties.
This is a very serious breach of data protection and no compliance of regulations and legal procedures under GDPR Act 2018 by the business.
I did question and raise my concerns to the business regarding the issue and not happy with the response I decide to request a Subject Access Request ( SAR). That it's all the data/information the business have and hold from one individual.
They failed to provide with my request in due legal time. For that reason I request 2nd SAR again they failed to provide my request in time. To aggravate the situation they omitted and withheld in my SAR request the name of the 2 individual Third Parties disclose as described above. In this situation my rights as person and consumer it's been denied where the business don't comply with regulations and legal procedures under GDPR Act 2018 .
I decide to expose the situation to the UKGC that advice me to log a complaint with the Information Commissioner Office (ICO).
I raise the complaint with ICO on they website. With this I send all the emails exchange between me and the business as evidence and proof to re enforce my complaint.
The ICO contact the business with instructions for them to address the issue and clarify my concerns raise.
The ICO didn't have any response back from the business in the 2 occasions they been ask to.
The ICO review my case and concluded the business had breach data protection and failed to comply with regulations and legal procedures under GDPR Act 2018.
This business not only failed with they legal obligations but and also show enormous lack of customer service and customer care when dealing with this situation.
This situation cause me financial losses and more worst then that damage my health with mental stress and anxiety disorder.
In my experience getting familiar with our rights as person and consumer regarding our data/information hold by business did help me in this situation.
Also any email/communication between the individual and the business it's vital so keep safe.
I was made aware when a business apply for a gaming licence there's no requirement to show evidence they are ready and committee to comply with GDPR regulations or supervision of the same. The licence it's award by the UKGC. In my opinion I don't agree with this.
Individual personal and financial information should be deal with maximum security safety and trust not as another tick box.
Jorge