In the beginning.....

In the beginning I started getting lots of unrecognised calls on my personal mobile. 

Normally I ignore them, but as I started getting periodic repeat calls from the same number, I decided to answer as it might be important.

It wasn't. Someone was offering to "save me up to 90% of my cloud costs".

At this point, I was intrigued. How did they get my number? I keep my personal number private, and always ensure I check (or uncheck) the correct boxes on Websites to ensure my data isn't shared.

I asked the salesman and he said that they use Lusha, who use your LinkedIn profile and combine it with data from other sources.

This bothered me. I haven't transacted with Lusha so they have no legitimate use of handling my data. Worse still, they are speculatively combining data without verification, not knowing if it's personal or private. Then they are using that data and selling it on (or making it available via a service to others) without my consent.

Finally, the user didn't check whether my mobile was registered with the Telephone Preference Service (it was). Perhaps because no-one had verified whether it was a business or personal mobile they thought they didn't need to.

This call distracted me in a moment of concentration and consumed valuable time. A line was crossed as for me there was clear and blatant misuse of data and GDPR legislation was being ignored.

I asked others, and discovered my experience was commonplace. Many others were getting cold calls from uses of Lusha. Time to do some research and make it available to others.




Comments

Post a Comment

Popular posts from this blog

Requesting Removal from Lusha's systems

Under UK GDPR legislation you have the right to be forgotten . Lusha provide a form you can submit to request your removal from their systems.  However, this may require you to provide more information than you wish (e.g. your phone number or email address) and also requires you to sign up to their terms and conditions - which includes a 7-year retention of your data. This is unnecessary. Under GDPR it is sufficient to contact the Data Protection Officer. Email the UK GDPR Representative and demand that they exercise your right to be forgotten. Provide your LinkedIn profile as this is the primary index they use to profile you.
Read more

Outsourcing your GDPR representative

Lusha outsource their GDPR responsibilities to a small UK company, with a virtual office in London. The company is called DP Data Protection Services UK . They're small as their net assets are approximately £37k per year, with annual creditors of £10-15k. With those numbers I would guess that they have one customer: Lusha. The same director also is CEO of the European GDPR representative for Lusha: DP Dock Data Protection . In the UK you should intially contact DP Data Protection Services ( email here ) if you wish to issue a Subject Access Request , or demand Your Right To Be Forgotten .
Read more