More results... Was this search useful?   Yes   No
Skip to main content

GBG’s Suppression FAQs

GBG (The Data Controller) will assess an individual’s right in relation to their request “To Be Forgotten” and if upheld personal data will be suppressed from our Products & Services. The GBG Suppression List will also be used where an individual has requested restriction or processing or rectification, so that in the event further personal data is passed to GBG to process from a new data supplier, then we can honour your initial request to cover new data sources.

We appreciate this could be confusing, therefore we have documented the approach we apply below, so we can be as transparent with you as possible.

Frequently Asked Questions

Before we explain further, it’s important to highlight GBG only share your personal data with organisations (our customers) who have a relationship with you or where they have a lawful reason.  Our customer use of our Products & Services includes the tracing of individuals, verification and/or validation of the identity of individuals for the purposes of, but not limited to, anti-money laundering regulations, national security, crime prevention and detection, anti-fraud processes, asset recovery and asset reunification. 

GBG have developed these Products and Services to make it easy for organisations to access your information where they have a lawful reason for doing so.  We always match it to personal data they provide for you, therefore can assure you, we do not offer list generation services or sell your data for marketing purposes.  More information can be found in GBG’s Products and Services Privacy Policy (linked if document is electronic,  If not, please visit www.gbgplc.com and access the Products & Services Privacy Policy via the link at the bottom of the page). 

GBG source your personal data from data suppliers.  These organisations typically provide it to a number of companies other than GBG, so it is also best to ensure your data is suppressed at source.

It is important to note GBG, the Data Supplier and GBG’s Customers are separate independent Data Controllers.  This means GBG cannot control or influence how they choose to respond if you have or do make a data subject rights request to them. 

GBG will action the suppression as quickly as possible, although it can take up to one month for your personal details to no longer be available for customers to access due to the data build process used.

GBG’s Suppression List will match based on Name & Postcode, with additional attributes that we are aware of, such as Landline/Mobile/Email/Date of Birth also recorded.  This will be an exact match, so if Kathryn Jones is recorded and we receive a Kate Jones at the same address, we would then only introduce Kate Jones to the database, as there is no way for us to determine Kathryn and Kate are the same person. 

If you wish to add other forenames to the Suppression List by which you are known, then we must be notified.  These must be similar or there must be other evidence (such as a passport or driving licence to prove your identity)  so we are confident it is for the same person, e.g. Kathryn could be Kate, Katy, Katie, Kat, Kath or Kathy, or your name may be Alison Kathryn, but you are known by your middle name. 

In these circumstances please complete our webform https://www.gbgplc.com/contact/general-enquiry/individual-data-enquiry/ or email compliance@gbgplc.com  with the specific requirement for us to action.

We sometimes receive requests from individuals with only an email address.  Without further information (name and address), we are unable to add this to GBG’s Suppression List. 

GBG’s Suppression List is applied to the following data GBG host.  This includes:

  • Commercial Contact Data (Name/Address/Date of Birth/Landline/Mobile/Email). This data has been gathered from you by our data suppliers, and you should have been made aware at the point of capture it would be shared with third parties.  Why they are sharing this with GBG is detailed above.  
  • Open Register (previous known as the Edited Electoral Roll). We also recommend you inform your local electoral registration office if you wish to opt-out of the Open Register as this can be used by many organisations, for varied purposes.  GBG is unable to influence who they share personal data with and how it is subsequently used.
  • Full Electoral Roll - The Full Electoral Roll can only be accessed by organisations covered under the Representation of the People’s Act; GBG is not permitted by law to access this data, therefore we are unable to identify and advise if you are on this list or change it in any way.  If you contact your local electoral registration office, they will be able to advise (https://www.gov.uk/get-on-electoral-register).  Before contacting your electoral office, remember, if you want to vote, you will need to be on this list.

  • Suppression Files (Deceased/Goneaway/Telephone Preference Service/Mail Preference Service) - Applying a suppression would override an existing request. GBG receives this data under licence from a data supplier, which means it is also licenced to a number of other organisations.  You will need to contact them directly to amend any preferences you have.

  • BT OSIS (UK Telephone Number Database) – This file is governed under statute and GBG is not permitted to change this data in anyway. GBG receives daily updates for this file, along with a number of other organisations.  It is also worth you being aware that if you are in the public telephone directory, anyone could get your telephone number by calling directory enquiries (i.e. 118 500).  To remove your personal data from the public telephone directory, you need to contact your landline telephone provider.

  • Royal Mail’s NCOA Update (Forwarding Address Files) – You will have registered with Royal Mail to have your mail forwarded. GBG is not entitled to change this data, therefore we suggest you contact Royal Mail directly to amend your preferences.

  • Company/ Directors details. This is publicly available information therefore any requests must be made to Companies House. It is worth noting the Companies Act 2006 requires the registrar to collect and publish information, including the personal data of officers of companies and other entities, on the register.

  • Insolvency/ CCJ data – This is publicly available information therefore any requests must be made to the Registry Trust (CCJs) or the department responsible for the Insolvency Register. It is worth noting this data is collected and shared under other acts, such as The Register of Judgments, Orders and Fines Regulations 2005 (CCJs) or the Insolvency Act 1986, therefore GBG is unable to change the data in any way.

  • PEPs & Sanctions – this data refers to Politically exposed persons (PEPs) and sanctioned individuals. Regulated businesses legally must run PEPs and sanctions checks as part of their due diligence when onboarding individuals to comply with KYC and AML requirements.

    Sanctions are measures put in place to restrict the activities of individuals or countries. Governments and international organizations maintain and publish these lists, which are used to identify and protect entities against individuals engaged in illegal activities.

    A PEP is someone who is seen as being at a higher than average risk of money-laundering resulting from bribery or corruption due to them holding a high profile position, or proximity to someone in a political position. This could include individuals who are governmental and parliamentary positions, high ranking members of the armed forces and members of high-level judicial bodies.

    GBG has no control over the data presented when an organisation screens against PEPs & Sanctions, therefore cannot suppress this data.

  • Property and Utility data. This is data specific to your property and not you as an individual, such as your address and the property utility service meter identifiers. If you were to move property, this data does not move with you and it must be retained as other individuals would need access to services.

  • Mortality Data – This is not personal data in scope of DPA 2018, but a data register of deceased individuals.

  • GBG’s Audit Trail – If a customer of GBG has completed a check through one of our Products & Services then the audit record of the check will be retained for a maximum period of 12 months, at which point it will be automatically deleted from our database, as published in our Products & Services Privacy Notice https://www.gbgplc.com/products-services-privacy-policy/. GBG retain this personal data in order to fulfil data subject rights.

  • GBG’s Suppression list – To uphold a request you have made to suppress your personal data the GBG or GBG have a lawful reason for doing so, GBG will keep a limited record of your name and address in our suppressions list to ensure the suppression continues to be applied.

  • Any data GBG access via an API call out to a web service - For some GBG Products & Services the data is accessed via a moment in time web service (for example Credit Reference Agency Data) which means GBG does not have visibility of the actual personal data held by this data supplier, therefore it is not viable for GBG to suppress this.

GBG operate a model of continuous improvement as part of our privacy management programme, so where we feel we can make further enhancements, we will.