GDPR Removal Request

Occasional Contributor

This isn't a technical question, but I'm hoping someone can help.

We're a US-based company that doesn't do business in the EU. Today, someone filled out our contact form with the following in the comment field:

Hi, I am concerned that your company’s information security practices may be putting my personal information at undue risk of exposure or in fact has breached its obligation to safeguard my personal information. I withdraw my consent on processing my personal data for one or more specific purposes under point (b) of Article 17(1) of the General Data Protection Regulation (EU) 2016/679. Additionally I object on grounds relating to the processing of my personal data under Article 21 of the General Data Protection Regulation (EU) 2016/679. I am requesting that your company permanently delete all personal information/accounts pertaining to my person from your systems, furthermore please opt-out my person from future data collections. I would like you to be aware at the outset, that I anticipate a reply to my request within one month as required under Article 12 of the General Data Protection Regulation (EU) 2016/679, failing which I will be forwarding my inquiry with a letter of complaint to the European Commission.

This person wasn't a previous contact. They used a Switzerland (.ch) email address, yet registered with a Tucson, AZ mailing address and phone. HubSpot identified the state IP as California. This smells like a scam, but I'm not sure what this person has to gain.

If anyone has experienced something similar, I'd like to hear about it.

Advisor

Disclaimer: I don't know much about GDPR beyond the basics and can't give you an answer.

I'm curious what's going on here as well. Like you, I can't see what the upside for a scammer would be. I would think that if everything was US-based (phone, address, IP) except the email (which you could VPN to get) he'd be out of the scope since you'd have no way to know where he is outside of the data mentioned above. Especially after removing him from your database, how would you maintain an opt-out list? Him submitting this comment probably gave you more info on him than you had before, odd.

@MFrankJohnson any insights on the scope of GDPR or how to handle these requests?

Community Thought Leader

Haven't experienced anything similar, so nothing to add. Sounds nonsensical.

#nlmtt

Hope that helps.

Best,
Frank

 

Occasional Contributor

I have read the GDPR playbook, but the first article was helpful. Thanks!
