LONDON (Thomson Reuters Foundation) – When London accountant Arvind Verma got a call in April from someone posing as a salesman for the British retailer Carphone Warehouse, the offer was too enticing to refuse and he saw no reason not to hand over his credit card details.
It wasn’t until the real Carphone Warehouse called that he realised scammers had gained access to his private information in the company’s database and used it to take out a contract with the extra details he had provided.
Now Mr Verma hopes a new European law designed to give people more control over how their data is held and used will stop such scammers in their tracks.
“It’s not uncommon for a company to call you and offer you better services or a better contract and for you to commit to that service over the phone,” he told the Thomson Reuters Foundation.
“What had happened is this (fake) company had gathered as many of my details as possible, called me up to get the rest of the details, and then called up Carphone Warehouse to take a contract out in my name.”
The European Union’s General Data Protection Regulation (GDPR) has been billed as the biggest shake-up of data privacy laws since the birth of the web and is the largest change in data protection law in Europe for more than 20 years.
It gives EU citizens more control over how their personal data are stored and used. Companies breaching the new rules on how they handle people’s data could incur fines of up to 4 percent of their annual revenue.
Carphone Warehouse, which is owned by Dixons Carphone, said it had reviewed how it stored customers’ information ahead of the new law, which comes into effect on May 25.
The mobile phone retailer was fined in January by Britain’s Information Commissioner’s Office for a 2015 cyber attack which exposed the personal data of over 3 million customers.
Under GDPR, companies will have to report serious data breaches within 72 hours and have to be able to provide European customers with a copy of the personal data they hold.
“Citizens will now have greater rights to know what is being held by corporations, organisations,” said Richard Benham, founder of The Cyber Trust, which aims to protect those most vulnerable from cyber fraud.
“They will have the right not only to access that information but also have the right for that information to be deleted if appropriate.”
Businesses around the world have been racing to make sure they comply with the rules, which apply to all companies that do business with Europeans.
The industries most affected will be those that collect large amounts of customer data, including technology companies, retailers, healthcare providers, insurers and banks.
