It would seem that the OP has complaints against two TOCs, arising from the same incident [EDIT 8/3/19: That's not actually the case - per the OP's post #68 below, there were two separate issues. So my argument here doesn't follow through.]. If I've got that right, then presumably the OP wants one or both of two things
- for the TOCs to learn their lessons and not repeat the problem;
- for the OP to receive some sort of recompense for the difficulty that they should not have faced.
It seems to me that to meet these aims, each TOC needs to be in possession of as full a picture of what happened as possible. So leaving GDPR out of it for the moment, and also leaving out that TOC A have (in the OP's view) wrongly identified the complaint as being one for TOC B, it is actually in the OP's interest for TOC A to forward information to TOC B.
Let's pause there for a moment, and put ourselves in the shoes of the TOC A complaint handler. Have they acted maliciously in passing information to TOC B? I don't think so. While they have shown a lamentable ignorance of GDPR, and may have misunderstood which TOC the complaint is about, they have tried to help the OP by passing useful information on to the organisation who (in the TOC A complaint handler's opinion) are best placed to help the OP. They have tried to do something nice. And that being the case, it seems a little ungrateful of the OP to now complain about the handling of their complaint.
But we can't leave GDPR out of it - it is part of the law that we live under. And the OP is firm in their belief that TOC A need to deal with their complaint. So the question is how raising a GDPR complaint helps to resolve the initial complaints against TOCs A and B.
I don't see that it does. If the OP's aim is preventing repetition or getting recompense, then they will want both TOCs to have as full a picture as possible - the OP has an interest in information being shared around (which in passing, I don't think is a legitimate interest as a ground for data processing - for legitimate interest to allow data processing, it's the data controller's legitimate interest which is relevant, not the data subject's interest). So it's hard to see that there is any benefit to the OP in drawing GDPR to the TOCs' attention. That must mean that the OP has another motivation. And it may be down to lack of imagination, or a particularly cynical worldview on my part, but the only other motives which leap to my mind are that
- the OP wants to make things difficult for the TOCs, or
- the OP wants to be recompensed to the full by each of the TOCs involved, rather than overall receiving recompense commensurate with the problems faced.
The first of these is an abuse of process: GDPR is there to allow individuals protection of their data, not to let them harass corporations. The second seems like an attempt to enrich the OP beyond recompense, and that, once again, is not what the process is for.
I hope that I just have a particularly jaundiced view of the world today, and look forward to being corrected on the assumptions that I 've made about the OP's motives. But I struggle to see what practical benefit there will be from the OP exercising their GDPR rights.