what is the definitive answer to this area of contention?

Raising another flag - since when does a request to OC mean they post on to the current holder?

I understand that often a CCA is routed back to the OC, as limited data is passed from A to B, but would have thought it is betraying a confidence A telling B/C//Z that you have contacted them.

What else do they pass across?

I think you are looking at this from the wrong perspective.
The purchase of a Debt under CCA includes the rights and duties etc. This is what the CCA request points out. Now the Debt remains between the debtor and the Creditor (Original and or later the Debt Purchaser) .
The information which can be asked for etc.. between the Original Creditor and the Debt Purchaser will be set out in the Assignment.
Now the GDPR is for ALL personal data held it doesn't follow that the Debt Purchaser will be privy to ALL personal Data other than that which pertains to the Debt.
However data between the Debt Purchaser and the Original Debtor that pertains to the Debtor is personal Data and should be reported in GDPR.

With an example the issue may be clearer vizier a GDPR sent to RBS contains a diary note
1/2/15 default
11/3/16 CCJ
11/2/17 Sold 1st Credit
1/7/18 CH GDPR request
20/7/18 despatched
20/7/18 post to 1st Credit

So request sent to OC for personal data they hold. They created a file but did not provide any legal detail re CCJ. Then they told the current DCA that I had been in contact, and maybe passed on the result. Who knows?

The relationship between the OC and the DCA is or will be set out in their Assignment DEED. The DCA is of course entitled to ask for data held about the DCA!
It doesn't follow that their GDPR data sent to the DCA is the same as yours!

The OC however has to give you All the data which applies to you! So they have to tell you that your name! cropped up with the DCA.
CCJ irrespective is in the public domain and available to all and any interested parties. But it doesn't follow that the OC told the DCA that!!!

The GDPR covers the old SAR remember but it doesn't follow that the same info is being sent to different parties!

Disconnect somewhere.

I agree that if the DCA/CO agreement includes a clause stating the DCA must be informed of all contact with/by the debtor, including requests for GDPR, the OC can pass on info. No statement /warning is issued is on the Website site or form for the GDPR request.

Without such a specific clause, why would they?
Where in Original CCA agreement does it state this?
If the CCA Agreement has been terminated with the debtor, how is GDPR request of any concern of the DCA?

CCJ only in the public domain for 6years. But was referring to the fact the GDPR data does not identify correspondence for/during the litigation period. It appears all such info is off record/internal procedure/sub judice or kept off just because.

What will be sent, if anything except for the marker that the debtor has been in contact, is not the point. Just raising alert that the OC contacts the DCA on what should not concern them. It could impact future negotiation with DCA. Worse if otherwise unknown data is transferred. 1984 is here if joined if up systems.

Well the SAR has been absorbed into the GDPR and the beast it seem isn't quite what you might imagine. Time will tell.

So how can we stop the alerts to DCAsand other debt buyers?
​​​​​​
It is perfectly feasible for data to be incorrect, and if passed on without the knowledge/permission of the subject to a 3rd party can also pass it on and on and on. Moreover control of personal data should now be explicit writ high. It defeats the object of giving express permission.

Well the problem has become global.

https://www.forbes.com/sites/bruceup.../#f5e5e285105b
"..

Continuing in the theme of "legal" privilege, it seems from recent experience that we have a hole, out of which no detail is available to an individual. In short, what, when and by whom are files about the subject kept from them using GDPR exclusion?

Some years back there was a block sale of debts from MBNA to Marlin, as described by Ken a previous contributor. His post refers to the fact that he had a CCJ which he was paying via Optima Legal. The buyer on the assignment said to continue paying Optima Legal who were managing the "accounts". At the time it was assumed that this was to avoid the expense of changing the names n the CCJ and CO.

Based on the experience of the GDPR with no information of CCJ, apart from a file note saying passed to Restons and CCJ awarded, it would appear that by using a "law firm" all legal detail stays out of the sphere of GDPR.

Going back to Ken, Optima Legal had all the details of the court proceedings, and these would remain in Optima Legal when the account was sold. As they were part of the "legal" package owned by MBNA for the purpose of obtaining a CCJ and not for managing the account, what is their status? As Marlin has purchased the debt and its rights, will Marlin have access to the claim and other legal details on the MBNA/Optima Legal files.

As Optima continues to manage the "account" what is their relationship to Marlin? Is there any legal privilege?

When Optima is replaced by another "account manager" will their legal files be passed over with the account?