How not to react to a bad review


How not to react to a bad review, read our examples.

A Customer bought a product from a vendor on the Amazon e-commerce platform. The product was defective, so the customer made a claim and also posted a negative review on the vendor’s page.

The vendor threatened to publish the customer’s personal data if they didn’t take away the negative review on their page. The customer didn’t remove the review and the vendor published their name, surnames, address, phone number, husband’s name and phone company’s name.

The competent DPA determined that the vendor had processed personal data without consent, therefore violating Article 6(1) GDPR.

While the initial processing of the personal data was justified for the performance of a contract, and therefore based on Article 6(1)(b), the subsequent processing for making public the personal data of the customer had no legal basis, as it was not necessary for the fulfilment of the initial contract.

DPA found additional breach

The DPA also found a breach of the confidentiality principle, since the data provided by the customer were only meant to be processed within the commercial agreement with the vendor, and not to be made publicly available.

The DPA fined the vendor €4000. In order to determine the amount, the DPA took into account the intentionality of the behaviour, the nature of the infringement, the nature of the harm made to the customer, the means for the infringement, which implies public access, and the categories of data disclosed. As a mitigating factor the DPA took into account the small size of the vendor.

Needless to say, the vendor in question should have known better. When a customer posts what you believe to be an unfair review, you can respond while of course remaining polite, not make any threats and definitely not share any personal information.

Want to learn more about personal data and how GDPR aims to protect it, check out our free knowledge base and youtube channel for some free learning content.

Free GDPR privacy policy test – check if your site is compliant

Wondering if your privacy policy is GDPR Compliant ? We encourage you to perform a quick and free GDPR compliance scan of your privacy policy, simply paste in the link to your privacy policy web page here in our Privacy Policy Checker, and see where you stand with GDPR compliance efforts.