Bailiff went round the house taking photographs.

Bailiffs walk round the house indiscriminately taking photographs of valuables and documents. You have a right to have the photographs destroyed.

You are at serious risk of being burgled or your bank accounts compromised.

There is no reason bailiffs need photographs of your documents and valuables other than to steal your bank details or pass them to someone to burgle your property.

If the police tell you that bailiff crime is a civil matter, you must take extra precautions because you no longer have police protection from crime and therefore your are possibly uninsured because police refuse to give a crime number. The police put bailiffs in a class above the law.

You must inform the police. on the non-emergency 101 number that bailiffs attended and photographed your valuables and jewellery. Give a full description of them. Make a record of the name of the person you speak to and what was said.

Tell your bank and say which bank accounts may have been compromised.

Give the bailiff company a notice of withdrawal of consent to process your data and erasure under Article 17 of the GDPR or section 47 of the Data Protection Act 2018.

Move and secure your valuables to another part of the property.

Take photographs of the valuables including diamonds and jewellery the bailiff has photographed. You may need this in case you are burgled and you have evidence of you owning them.

If the bailiff company fails to comply with your Article 17 notice, you can sue for material and non-material damages including the loss or theft of the valuables photographed, under Article 82 of the GDPR or Section 168 of the Data Protection Act 2018.

You must take fresh photographs of all your valuables including diamonds and jewellery, and record their value.

If you home is burgled and your valuables are stolen, you have evidence of their existence and their value - you have a suspect, as well as a police record of your original call to police on 101 after the bailiff attended.

Procedure:

Go online and search the name and address of the bailiff company, then search the name of the bailiff himself on the public registered of certificated enforcement agents.

Tell your bank your account details may have been compromised because someone took photographs of documents inside your house.

Call police on non-emergency 101 that a bailiff entered your property without taking control of goods, or the debtor does not live there and that he took photographs of your valuables and confidential documents making you high risk of burglary now that someone knows where your valuables are kept. Take a note of the police incident reference number and the name of the person your spoke to.

Take photographs of all jewellery and valuables that were photographed by the bailiff. Record by photograph the rooms the bailiff entered and photograph all potential items the bailiff came into contact with.

Search the bailiff company with the Information Commissioner's Office (ICO) Register of Fee Payers to get the name and address for their data controller.

Give the data controller a Notice, to erase the photographs of your valuables because you withdraw consent for them to process them, and ask them to confirm they have destroyed the photographs of your valuables taken by the bailiff.

Wait 30 days.

If the bailiff company does not comply, or you get excuses, then report a concern online with the ICO.

The ICO will contact the data controller, to enforce the notice, impose another sanction, or discontinue your complaint

The lead times for the ICO to process your concern is about 10 weeks.

You can claim damages under Article 82 of the GDPR or Section 168 of the Data Protection Act 2018 and claim for material and non-material damages including the loss or theft of the valuables photographed.

The Law:

Article 17 of the GDPR states:

"Right to erasure ('right to be forgotten')"

1. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

(b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;

(c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);

(d) the personal data have been unlawfully processed;

(e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;

(f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).

2. Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

3. Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:

(a) for exercising the right of freedom of expression and information;

(b) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(c) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3);

(d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

(e) for the establishment, exercise or defence of legal claims.

Section 47 of the Data Protection Act 2018 states:

Right to erasure or restriction of processing

(1) The controller must erase personal data without undue delay where—

(a) the processing of the personal data would infringe section 35, 36(1) to (3), 37, 38(1), 39(1), 40, 41 or 42, or

(b) the controller has a legal obligation to erase the data.

(2) Where the controller would be required to erase personal data under subsection (1) but the personal data must be maintained for the purposes of evidence, the controller must (instead of erasing the personal data) restrict its processing.

(3) Where a data subject contests the accuracy of personal data (whether in making a request under this section or section 46 or in any other way), but it is not possible to ascertain whether it is accurate or not, the controller must restrict its processing.

(4) A data subject may request the controller to erase personal data or to restrict its processing (but the duties of the controller under this section apply whether or not such a request is made).

Article 82 of the GDPR states:

"Right to compensation and liability"

1. Any person who has suffered material or non-material damage as a result of an infringement of this Regulation shall have the right to receive compensation from the controller or processor for the damage suffered.

2. Any controller involved in processing shall be liable for the damage caused by processing which infringes this Regulation. A processor shall be liable for the damage caused by processing only where it has not complied with obligations of this Regulation specifically directed to processors or where it has acted outside or contrary to lawful instructions of the controller.

3. A controller or processor shall be exempt from liability under paragraph 2 if it proves that it is not in any way responsible for the event giving rise to the damage.

4. Where more than one controller or processor, or both a controller and a processor, are involved in the same processing and where they are, under paragraphs 2 and 3, responsible for any damage caused by processing, each controller or processor shall be held liable for the entire damage in order to ensure effective compensation of the data subject.

5. Where a controller or processor has, in accordance with paragraph 4, paid full compensation for the damage suffered, that controller or processor shall be entitled to claim back from the other controllers or processors involved in the same processing that part of the compensation corresponding to their part of responsibility for the damage, in accordance with the conditions set out in paragraph 2.

6. Court proceedings for exercising the right to receive compensation shall be brought before the courts competent under the law of the Member State referred to in Article 79(2).

Section 168 of the Data Protection Act 2018 states:

Compensation for contravention of the GDPR

(1)In Article 82 of the GDPR (right to compensation for material or non-material damage), “non-material damage” includes distress.

(2)Subsection (3) applies where—

(a)in accordance with rules of court, proceedings under Article 82 of the GDPR are brought by a representative body on behalf of a person, and

(b)a court orders the payment of compensation.

(3)The court may make an order providing for the compensation to be paid on behalf of the person to—

(a)the representative body, or

(b)such other person as the court thinks fit.

Template "Notice to Erase" requiring the data controller for the bailiff company to confirm the photographs taken at your property have been destroyed.