Attempted fraud

GDPR scams: how to protect yourself and what to do if you are a victim

Published on 03 October 2022 - Directorate for Legal and Administrative Information (Prime Minister)

Since the General Data Protection Regulation (GDPR) came into force in 2018, the regulation and the compliance it entails have been used as a pretext to defraud professionals. In view of these practices, the Directorate-General for Competition, Consumer Affairs and Fraud Prevention (DGCCRF) reminds the public of the right steps to take in the event of attempted fraud.


How to recognize a GDPR scam?

GDPR scams can take many forms.

They can arrive as an email, a letter or a fax using the terms or symbols of the National Commission of Informatics and Freedoms (CNIL) or of a French or European institution (CNIL logo, Marianne, tricolor flag, European emblem, etc.).

The scam can also be carried out through a phone call. In this case, the caller pretends to be a member of the CNIL or a business mandated by the CNIL. In some cases, the number displayed is the spoofed telephone number of the CNIL (01 53 73 22 22).

In both cases, the person contacting you offers a paid service to support your compliance with the GDPR and threatens you with a financial penalty or legal action if you refuse. These scammers may also press you for information about your business or pressure you to pay a bill to correct your situation as soon as possible.

FYI  

Faced with these scams, you should know that the CNIL:

  • never mandates businesses to intervene in repressive proceedings;
  • never asks you for your bank details;
  • never charges for a GDPR compliance service;
  • never requires an invoice to be paid immediately as part of a control.

What to do if you are a victim of a scam or attempted scam?

If you are unsure about the message or call:

  • do not pay money under threat of financial penalty or legal action;
  • verify, in all cases, the identity of the person contacting you and the consistency of the situation;
  • make your department aware of this type of threat;
  • contact the CNIL or the DGCCRF.

If you have already paid money to the person you are talking to:

  • promptly contact your bank to block the transfer or to obtain a return of the funds paid;
  • do not contact the person again (even if they contact you again);
  • file a complaint with a police or gendarmerie department or by mail with the Public Prosecutor as soon as the facts have been established;
  • contact the CNIL or the DGCCRF.

Useful numbers and sites