GDPR conformity con tricks

23.7.2018

Question for written answer E-004117-18
to the Commission
Rule 130
Rachida Dati (PPE)

The General Data Protection Regulation (GDPR) entered into force on 25 May 2018, two years after being adopted. EU citizens’ data is now better protected than in any country or group of countries, and the GDPR is being touted as an example by many public figures and experts in the digital field.

Following the entry into force of the regulation, dozens of e‐mails were sent to every Internet user, requesting authorisation to process their personal data. At the same time, all private sector organisations had to take the necessary steps to conform to GDPR requirements.

Conmen and cybercriminals have exploited this GDPR-driven paradigm shift by creating new ransomware software to extort money from the vast numbers of companies that are still to comply with the GDPR. Another kind of con consists of playing on the fear of receiving fines by invoicing for bogus compliance operations.

1. Is the Commission aware of these illegal practices?2. Does it plan to raise awareness among companies and individuals of these con tricks in connection with the GDPR?