File picture: AP Photo/Wilfredo Lee/AP
INTERNATIONAL - When London accountant Arvind Verma got a call in April from someone posing as a salesman for the British retailer Carphone Warehouse, the offer was too enticing to refuse and he saw no reason not to hand over his credit card details.

It wasn’t until the real Carphone Warehouse called that he realised scammers had gained access to his private information in the company’s database and used it to take out a contract with the extra details he had provided.

Now Verna hopes a new European law designed to give people more control over how their data is held and used will stop such scammers.

“It’s not uncommon for a company to call you and offer you better services or a better contract and for you to commit to that service over the phone,” he told the Thomson Reuters Foundation.

“What had happened is this (fake) company had gathered as many of my details as possible, called me up to get the rest of the details, and then called up Carphone Warehouse to take a contract in my name.”

The EU’s General Data Protection Regulation (GDPR) has been billed as the biggest shake-up of data privacy laws since the birth of the web and is the largest change in data protection law in Europe for more than 20 years.

It gives EU citizens more control over how their personal data is stored and used. Companies breaching the new rules on how they handle people’s data could incur fines of up to 4percent of their annual revenue.

Carphone Warehouse, which is owned by Dixons Carphone, said it had reviewed how it stored customers’ information ahead of the new law, which comes into effect on Friday.

The cellphone retailer was fined in January by Britain’s Information Commissioner’s Office for a 2015 cyber attack which exposed the personal data of more than 3million customers.

Under the GDPR, companies will have to report serious data breaches within 72hours and have to be able to provide European customers with a copy of the personal data they hold.

“Citizens will now have greater rights to know what is being held by corporations and organisations,” said Richard Benham, founder of The Cyber Trust, which aims to protect those most vulnerable from cyber fraud.

“They will have the right to not only access that information but also have the right for that information to be deleted.”

Businesses around the world have been racing to make sure they comply with the rules, which apply to all companies that do business with Europeans.

The industries most affected will be those that collect large amounts of customer data, including technology companies, retailers, healthcare providers, insurers and banks.

For the consumer, analysts say the law will have the added benefit of decreasing the number of marketing emails hitting their inbox. It will be policed by a patchwork of national and regional watchdogs across the 28-nation EU bloc. 

- REUTERS