GDPR scams: what to do to protect yourself and if you are a victim?

How to recognize a GDPR scam?

GDPR scams can take many forms.

They can be characterized by an email, a letter or a fax using terms or symbols of the National Commission of Informatics and Freedoms (CNIL) or of a French or European institution (logo of the CNIL, Marianne, tricolor flag, European emblem...).

The scam can also be done through a phone call. In this case, the interlocutor pretends to be a member of the CNIL or a business mandated by the CNIL. In some cases, the number used is the spoofed telephone number of the CNIL (01 53 73 22 22).

In both cases, the contact person offers you a paid service to support your compliance with the GDPR by threatening you with a financial penalty or legal action if you refuse. These scammers can also insist on information about your business or pressure you to pay a bill to correct your situation as soon as possible.

What to do if you are a victim of a scam or attempted scam?

If you are unsure about the message or call:

• Don’t pay money under threat of financial penalty or legal action.
• Verify, in all cases, the identity of your interlocutor and the consistency of the situation.
• raise awareness of this type of threat to your service;
• contact the CNIL or the DGCCRF.

If you have already paid money to the person you are talking to:

• promptly contact your bank to block the transfer or to obtain a return of the funds paid;
• Do not contact your contact person again (even if you are contacted again).
• file a complaint with a police or gendarmerie department or by mail with the Public Prosecutor as soon as the facts have been established;
• contact the CNIL or the DGCCRF.

Useful numbers and sites

• Info Scams: 0 805 805 817;
• SOS Victims: 01 41 83 42 08;
• DGCCRF: 01 44 87 17 17;
• Spam Signal;
• Official portal for reporting illegal content on the Internet.