Scammers are apparently using Deliveroo to clear out bank accounts and the response from the company may be in breach of GDPR on three accounts.
The sixth principle of Article 5, for example, requires companies to have appropriate security in place to keep customers’ financial and other personal data secure. It also appears to have breached Article 32, which provides more detail about what is expected in terms of data security – namely encryption, which appears not to have been in place. Lastly, there’s Article 34, which requires the “data controller” –Deliveroo – to tell anyone who may be affected by a data breach about it without undue delay. This applies when the breach is likely to result in a high risk of an impact on the individual.
Experts Comments Below:
Frans Labuschagne, Country Manager UK&I at Entersekt:
“Today, data breaches are a fact of life. Despite increased focus on the importance of cybersecurity and the tightening of regulations, it still seems as though the way personal data is currently being protected is ineffective.
“The challenge is complex, and part of it lies in the rapid rise of e-commerce and in consumers comfort with sharing their personal data with multiple websites and companies every day. The more widely this sensitive data is shared, the greater the risk that it can be accessed by parties with malicious intent. With more and more services going to digital to contribute to an on-demand consumer culture, the responsibility cannot be shouldered squarely on the consumer.
“Companies need to step up their cybersecurity games and realise that traditional approaches to protecting data clearly do not suffice in the age of digital innovation. Therefore, they need to adapt and make identity protection an active part of a consumer’s financial life.”
