The GDPR (General Data Protection Regulation) is supposed to help individuals keep their information private, but as it turns out, it could also potentially serve to help attackers as well.
In a session at theBlack Hat USAconference in Las Vegas, titled, "GDPArrrrr: Using Privacy Laws to Steal Identities", James Pavur, DPhil student and Rhodes Scholar atOxford University, outlined how he was able to abuse a key component of the GDPR to get access to personally identifiable information for his fiance.
Pavur said that there are multiple exploitable properties of GDPR, that a social engineering attacker could seek to exploit. The first is fear of non-compliance, since GDPR prescribes large fines if there is a violation.
The link for this article located at Infosecurity is no longer available.