Yell reprimanded by ICO for GDPR breach

Since February 2020, Yell has been refusing to provide their customers with a copy of their sales call recording. These recordings are useful evidence to prove that Yell’s sales agent made false claims and missold a contract.

Yell claimed that they were under no obligation to provide these recordings and supplied instead a simple call log showing the time, date and nature of the call.

The ICO has now reprimanded Yell for failing to meet their requirements under the GDPR. They have confirmed that Yell must supply all call recordings or full call transcripts. They have emailed Yell to ask them why they have failed to comply, told them to respond immediately and provide all customers with the requested data without undue delay.

The ICO has also demanded that Yell must now provide a justification for why they have not supplied this information and why there has been a delay in their responses.

In June 2020, Yell customers became the victims of a data breach whereby anyone could log into the Yell account of any other business, view their bank details and destroy their online reputation.

Yell support staff issued passwords and login details to anyone upon request and without making any attempt to confirm the identity of the person making the request.

Despite this breach being immediately reported to Yell, it took the company four days to change their policy and then denied it was a serious issue.

It is clear that Yell has a limited understanding of data protection rules and a complete disregard for the privacy of their customer’s data.

The ICO continues to investigate Yell’s practices.


Related Content