GDPR: govt warns against data security scams

Photo: Wright Studio/Shutterstock

Fraudsters in Poland have attempted to cash in on latest EU data protection regulation.

EU data laws have knock-on effect for Polish election monitoring

‘We are aware that the General Data Protection Regulation (GDPR) will require certain modifications to electoral laws or practices,’ Deputy Prime...

see more

The recent entry into force of the General Data Protection Regulation (GDPR), widely considered to be a breakthrough in the field of personal data protection, has now come into the limelight once again, albeit for rather different reasons.

GDPR is a piece of EU legislation on data security and privacy which became a household name virtually overnight due to the volume of emails which began filling inboxes all around the continent as businesses sought to comply with the new regulations.

Recent days, however, also saw a rash of fraud cases whereby scammers would send e-mails containing illegitimate offers ostensibly related to data protection, urging consumers to buy goods or services allegedly intended to ensure compliance with the new law.

A few examples of such fraudulent offers included some rather humorous items such as special padlocks, window bars, security lockers or computer display overlays allegedly required under the GDPR, even though the new regulation imposes no such obligations. Other offers pertained to obligatory training courses or certifications, which are likewise not required to ensure compliance with EU’s latest privacy law.

In some cases, the scam emails would be spiked with malware, so that anyone who opened the message would unwittingly expose their computer to the risk of security breaches or identity theft – something which, ironically, the legislation itself was designed to prevent.

The Polish Digital Affairs Ministry urged consumers to maintain caution and be on the lookout for attempted fraud, adding that particular attention must be paid to any emails or text messages from unverified sources. This is especially true when such messages contain any links or attachments, as those clicking on such links or files could fall prey to the ingenuous data thieves.

Europe’s General Data Protection Regulation (GDPR) has been billed as the biggest revolution of data privacy laws in two decades. It imposes numerous data protection requirements on businesses, with non-compliant companies facing serious fines of up to four percent of the annual revenue. Companies are obliged to provide European users with a copy of their personal data and ensure the “right to be forgotten,” meaning deletion information from the database if such a request is presented.