Bike theft victim blames "bizarre" GDPR rules preventing security staff from revealing who the culprit is

A cyclist whose bike was stolen says that data protection rules are letting the thief get away with the crime, even though security staff identified the perpetrator through CCTV footage.

Kerry Barratt had cycled into Navan town centre in County Meath on the afternoon of Tuesday 16  last week to buy school uniform for her son when her Escaper bike was stolen, reports the Sunday World.

But despite security staff believing they know the identity of the thief, the Gardai [police] are not so sure, meaning that due to what she described as “bizarre” General Data Protection Regulation (GDPR), they are unable to tell her the name of the suspect and the victim has been left frustrated despite numerous attenpts to chase officers.

Ms Barratt told the newspaper: “First of all I spoke to one of the security guards who was extremely helpful but when I asked him would he view the CCTV footage he told me he had to get Garda permission to do so as that was the rule under GDPR.

“I went straight round to the Garda station and spoke with a Ban Garda [female police officer] who gave me the go ahead for him to look at it and I went back and told him.

“In the meantime my dad came down and drove me around for a while hoping we might spot the bike but we had no luck.

“The following day the management and security staff of the centre very kindly rang me and told me they could identify the thief by their clothing but were precluded from telling me who it was because of GDPR.

“Apparently they were entitled to and have told the Gardai, but the feeling there was that the ID wasn't clear.

“One way or another I am still without any transport four days later but the whole thing seems bizarre to me,” she continued.

“It means that people are certain they know who stole my bike but legally they cannot tell me.

“It's a huge inconvenience as I sold my car three years ago to try and do my bit for the environment and now I am left without a pedal to push.

“What's even more frustrating is that I have rang the Garda station dozens of times and sent loads of emails asking them if there have been any developments but nobody answered the phone or replied to my emails,” said Ms Barratt.

“So those who should be helping me seem to be doing nothing and those who want to help me can’t. You couldn't make it up,” she added.

Adopted on 14 April 2016 and enforceable since 25 May 2018, the European Union legislation aims, among other things, to protect and control the rights of individuals in terms of the use of their personal data by commercial organisations, including capturing images through CCTV.

Law enforcement is not specifically included within GDPR, and is therefore considered to be exempt from it, as are personal or household activities and organisations related to national security.