The fraud risk underlying GDPR’s ‘right to be forgotten’

The build-up to the GDPR deadline saw a flood of speculation about whether companies within the EU would be ready to comply with the regulation.
But maybe it’s time to think beyond deadlines and fines, and move on to what a post-GDPR world looks like for customer identity security.

A key tenet of GDPR gives customers the right to be “forgotten”. But, in a cruel twist of fate, the very thing that was meant to give consumers the power to demand privacy could lead to a new avenue for identity theft.

When a customer says “forget me”, organisations are faced with a new set of challenges.

Not only do firms have to confirm whether regulatory or compliance obligations in fact allow them to delete that data, but they also have to be wary of potential fraudsters.

Once a Subject Access Request is submitted, companies have one month to respond by sharing a copy of all the personal data they hold on the individual. The sensitivity of the data they are being asked to share means that, before companies process deletion requests, they’ll need to ensure that they can effectively verify the identities of individuals who are requesting personal information.

