You know GDPR compliance is going to create a whole new form of scam where scammers impersonate users and send data requests to companies to get people's info.

Nice username you got there!

@FrodoSwaggins well part of the GDPR says that users have the right to view all of the data a company has on them.

If someone impersonates another user they could request that all of that users data be sent to them.

Impersonating someone surely requires knowing their password etc. so they'd already be compromised GDPR or not? Honest question.

@con-fig
Not at all.

@Linux well shit a brick. Are there guidelines as to the identification process or is it up to the company?

@con-fig
Is it up to the company actually.
GDPR is also affecting "how the employees work" to a lagre extent too

I agree, especially if a company doesn't require some form of secondary identification

Gdpr 15.3 and 15.4 should ensure that concrete data must not be disclosed without proper identification. 15.1 is only about the general data processing activities, e.g. the purpose and possible receivers of a data transfer.

@Krichel I guess it depends what qualifies as proper identification at any given company then. Because if a company is willing to accept a photocopy of a driver's license or passport as identification both of those documents are very easy to fake when you don't need to replicate the physical security features.