Companies have been told to stay alert for GDPR ‘chancers’ who deliberately try to identify data breaches in a bid to try and get compensation.
Jan Trevalyan, co-founder and CEO of the DDC Group of companies, says it’s inevitable that some people will attempt to cash in on Europe’s new data privacy law, which came into effect on May 25th 2018.
“I think you will get ‘chancers’; there will be people breaking the law down and looking at different angles to make a case,” he told BusinessCloud. “I don’t know how they’ll make money on it…but I do think it’s inevitable.
“We all used to get emails from ‘Nigeria’ promising us millions. In the last two months I’ve started to get emails from ‘courier companies’ about getting my package back. When you click on the link they ask you for two dollars.”
Companies found breaching the GDPR legislation could be fined up to €20 million or 4 per cent of its annual global turnover.
Paul Knight, partner at law firm Mills & Reeve, agrees that some people will deliberately try to identify data security breaches to claim money directly from a company.
“I think there will be people testing the waters,” he said. “There will undoubtedly be data security breaches happening every day in lots of different organisations, most of which will be very low risk and should be low profile.
“But I think – as much as it pains me to say it – there will be people who are riding on the back of that and testing the waters to see if there’s a data protection breach and try to get compensation.”
Knight’s advice to businesses is to make sure they’re still following all the policies and procedures they put in place in the run up to the GDPR’s 25th May deadline.
“Secondly, it’s making sure that whatever they’re doing, they’re only collecting personal data that’s necessary for what they want to do and only storing it in particular, secure places,” he said.
“The whole point with GDPR is that you have to provide a lot more information, making it easier for people to test whether you are compliant.
“You don’t need to be that unscrupulous as a ‘chancer’ – you can just be exercising your rights under the GDPR and causing a headache for people.”
Knight and Trevalyan were speaking at BusinessCloud’s ‘Don’t let GDPR be a straitjacket’ roundtable alongside Mel Carlen, head of IT services at Moneypenny; UKFast’s marketing director Kristina McGuirk and head of legal Nicola Frost; and Elizabeth Clark, co-founder and CEO of Dream Agility.