Just had an odd conversation on the phone with a member of staff at a large optician chain.
At the start of this year we signed up my daughter (then 16) for their contact lens plan, with all the payment info (Direct Debit) linked to my account.
Daughter is not using as many lenses as anticipated (and has now turned 17), so asked me to cancel the regular monthly plan and associated DD.
I just phoned up to cancel the Direct Debit and the member of staff said “Due to GDPR we can’t discuss the account with you!”.
Now I understand that my daughters medical info should be confidential to her under GDPR, but surely the financial info on the account should be classed as my data and not hers?
As things stand I have cancelled the DD via the bank and will get daughter to phone up the opticians next week when she is back from four days walking in the Dales.
Any local GDPR experts care to adjudicate on whether a parent should be able to cancel a direct debit that is in the parents name on a 17 year olds opticians account?