[mijamo]

Doesn't need to be a database, a simple spreadsheet or text file would do as well.

And you would be surprised to know how frequent those are (not necessarily about Twitter but in general about customers/employees/visitors in shops etc.)

[DoubleGlazing]

Or just an email message mentioning the person. That's why I brought up the GDPR in the first place. My wife knew someone who was complaining against his insurance company, they were blanking him. So he put in a subject access request and in all the stuff he got back was an instruction sent to all customer service staff via email telling them to block him if he ever tried to contact them via social media.

The above happened under the 1995 DPD regime, the GDPR would probably be even more useful.

[nicky0]

What about a hand written note. Does GDPR cover that?