A Fridge Failed. The Complaint Went Nowhere. The Data Request Became the Next Dispute.
A fridge breaks down. There is medication in it that needs to stay cold. There is also a paid appliance plan in place, supposedly there for moments like this.
What followed, on the consumer’s account, was a poor practical outcome. The paid route produced delay and an appointment worse than the one the manufacturer had already offered for free.
That is where this case starts. It does not end there.
What follows is a documented account of a complaint that went nowhere, a later verbal GDPR request that became a second dispute, and a designated redress route that raises obvious questions about perceived independence.
Domestic & General was contacted for comment before publication and provided a response, which is reflected in this article.
A note on disclosure. The consumer at the centre of this case is Noel Bradford, host of this podcast. I am covering it for the same reason I would cover any other documented case. The pattern matters more than the individual.
The Service Problem
The timeline is simple.
A Beko fridge failed in January 2026, around seventeen months after purchase. The household had refrigerated medication requirements recorded on the account.
Two routes were available. One through the manufacturer. One through the paid Domestic & General plan. According to the consumer, the paid route involved a long call and an outcome materially worse than the free one.
That is the first issue. A plan costing £302.40 per year appears, on these facts, to have delivered less practical value than the no cost alternative already available.
The consumer proceeded with the manufacturer route. The D&G plan was later cancelled.
Separately, a Consumer Rights Act claim against the retailer, AO.com, resulted in a replacement fridge and a refund of £359. That issue resolved. The D&G complaint did not.
D&G’s Position
D&G now says the following.
It says there is no evidence the customer was promised “emergency cover”, and that no such policy is available from D&G.
It says the sales call agent correctly identified themselves as an employee of the appliance manufacturer, not D&G.
It says the recording shows the correct terms and conditions were given, including accurate information about repair timelines.
It also says no SAR was raised as part of the initial complaint call, that D&G therefore did not obstruct the request, and that a SAR was only raised later and will now be handled appropriately.
Finally, D&G says it cannot provide the initial sales call recording because that call is held by the appliance manufacturer, not by D&G.
Those are clear denials. They need to be reported fairly. They do not, however, end the matter.
The Complaint Did Not Resolve the Matter
A formal complaint was made to Domestic & General.
The issues raised were straightforward. A lengthy hold. An inadequate practical response despite the medical need recorded on the account. An outcome that made the paid route look largely pointless. The consumer also believed the plan had been sold on an understanding that the case would be escalated because of the medical circumstances.
D&G’s complaint handling did not narrow the dispute. It widened it.
On 20 February, a complaints call took place. After validating the caller by confirming name, address, postcode, and email address, D&G discussed the complaint in detail. On that same call, the consumer made a verbal GDPR request for a copy of the sales call, stating that a transcript would be acceptable. :contentReference[oaicite:4]{index=4}
That matters for two reasons. First, D&G was content to validate the caller well enough to discuss the account and complaint in full. Second, the data access issue was already alive by that point, at least in relation to the sales call. :contentReference[oaicite:5]{index=5}
The Verbal GDPR Request
The data issue becomes more interesting a week later.
On 27 February, a D&G complaints handler called back. During that call, the handler asked directly whether the consumer had specifically requested a SAR on the 20 February call. The consumer said yes. Asked what he wanted, he answered plainly: everything. Every call. All notes. The handler said they would check whether that had been logged and, if not, would log it. :contentReference[oaicite:6]{index=6}
That exchange matters.
D&G now says no SAR was raised on the initial complaint call. Yet on 27 February, its own handler appears to proceed on the basis that a SAR may indeed have been raised on 20 February, then asks about scope, and is told that the consumer wants everything, including every call and all notes. :contentReference[oaicite:7]{index=7}
That does not by itself prove D&G’s current position is false. It does show that D&G’s own internal handling of the point was not nearly as clear cut as its later public position suggests. :contentReference[oaicite:8]{index=8}
The Deadlock Letter
The later deadlock letter makes the picture harder, not easier.
In the complaint summary section, D&G says that a full request was made on 20 February and that the consumer had requested copies of all calls and notes. On another part of the same letter, in the findings section, D&G says no full request was made on that call. In that same findings section, the letter then says the calls and system notes have now been requested and will be sent within 30 days. :contentReference[oaicite:9]{index=9}
Those statements do not sit comfortably together.
A company can, of course, distinguish between a narrower initial request and a broader later clarification. But that is not how the deadlock letter reads. As written, it gives conflicting accounts of whether a full request had already been made. :contentReference[oaicite:10]{index=10}
That inconsistency is one of the strongest points in the file.
The Identity Question
The next issue is identity verification.
Under UK GDPR, a Subject Access Request does not need a form or special wording. It can be made verbally. If a controller later wants more information to verify identity, that step has to be reasonable and proportionate. :contentReference[oaicite:11]{index=11}
That is where D&G’s own verification guidance becomes relevant. The guidance says additional address evidence is only needed in specific situations, such as where the address on the ID does not match the address on the system or where the request concerns another address. :contentReference[oaicite:12]{index=12}
Against that background, the later request for more identity evidence raises a legitimate question. D&G had already validated the caller on relevant calls, discussed the account, handled the complaint, and sent formal written correspondence to the home address. Why did the data request require a further identity step at that stage?
D&G may say the answer lies in timing, scope, or control of the sales call itself. That is possible. But the question remains a fair one.
An ICO complaint is now active in relation to the handling of the request.
The Dispute Route
D&G’s rejection letter directed the consumer to Flexible Resolution Services, described as an independent dispute resolution body approved by the Chartered Trading Standards Institute. :contentReference[oaicite:14]{index=14}
FRS explains its funding model in its FAQ. It says it is funded by fees and subscriptions from the suppliers using the scheme, with a fee paid per case reviewed regardless of outcome. That does not prove bias. It does raise a serious question about perceived independence. A body presented to consumers as the next stage of redress is financially supported by the supplier side of the market whose complaints it is supposed to adjudicate. (flexibleresolutionservices.co.uk)
I am not suggesting that FRS sets out to favour D&G. I am saying the funding structure creates an obvious tension. Formal approval and perceived independence are not the same thing.
Why the Statutory Routes Matter More
There is an important difference between a private ADR route and a statutory public one.
The ICO is the statutory regulator for data protection in the UK. If a company has unlawfully blocked or mishandled access to personal data, the ICO is the body with the authority to examine that issue.
The Financial Ombudsman Service is an independent public body established by Parliament under the Financial Services and Markets Act 2000. It is a statutory scheme with binding decision making powers if the consumer accepts its final decision. It is free for consumers to use and funded through levies and case fees paid by businesses. (financial-ombudsman.org.uk)
A complaint has also been made to the Financial Ombudsman in this case.
What This Case Still Shows
It is important to be precise.
I am not saying D&G definitely promised emergency cover.
I am not saying the initial sales call agent definitely presented themselves as D&G.
I am not saying D&G has no answer at all to the timing of the SAR.
What I am saying is narrower than that, and stronger.
In this case, the paid route appears to have delivered a worse practical outcome than the free one. The complaint process did not resolve the substance of the consumer’s concern. A verbal GDPR request for the sales call was made on 20 February. On 27 February, D&G’s own handler asked whether a SAR had been made and discussed the scope on the basis that it had. The later deadlock letter then gave conflicting accounts of the request. And the subsequent identity step remains difficult to understand in light of the earlier validation and D&G’s own guidance.
That combination matters, even if one accepts every part of D&G’s latest denial on the sales call itself.
If You Are in a Similar Position
If you land in a similar situation, the sequence matters.
Document everything as it happens. Times, dates, names, hold durations, what was offered, and what was promised.
Make the data request early and plainly. Ask for calls, notes, complaint records, and internal material tied to the case. If you do it on the phone, say clearly that you want your personal data and ask for the request to be recorded.
Keep the complaint and the SAR separate in your own mind. A complaint is about outcome and service. A SAR is about access to records. One is not a substitute for the other.
Use statutory routes where necessary. The ICO and the Financial Ombudsman Service carry legal weight that a supplier funded dispute scheme does not.
What Businesses Should Learn
Every organisation handling personal data will eventually receive a Subject Access Request. Too many still treat it as a nuisance rather than a legal right. That is how straightforward compliance issues become public case studies.
The standard is not perfection. It is reasonableness. If you genuinely need more information to verify identity, ask for it and explain why. If you do not, do not build a barrier and call it caution.
If your customers need to escalate to the ICO just to get access to their own records, something has already gone badly wrong inside your process.
Build the SAR response before the complaint arrives. Not after.
Sources
| Source | Reference |
|---|---|
| Information Commissioner’s Office | How Do We Recognise a Subject Access Request? |
| Information Commissioner’s Office | How Do We Verify the Identity of Someone Making a Subject Access Request? |
| UK Legislation | Data Protection Act 2018 |
| UK Legislation | Consumer Rights Act 2015 |
| Flexible Resolution Services | Funding and FAQ Information |
| Chartered Trading Standards Institute | Approved Alternative Dispute Resolution Bodies |
| Financial Ombudsman Service | Governance and Funding |
Related posts:
- Your Data, Their Delay: What the ICO Can Actually Do About GDPR Violations
- Why Appliance Insurance Is Not the Same as Consumer Rights
Domestic & General was contacted for comment before publication and its response has been reflected in this article. This article is based on documented personal experience and publicly available regulatory information. It is not legal advice. The consumer at the centre of this case is Noel Bradford, host of The Small Business Cyber Security Guy podcast.