Tuesday 19th March 2019

European GDPR ‘consultants’ are threatening to report organizations unless they pay 195 EUR

A Dutch organization is sending emails that claim it is able to offer a certificate indicating compliance with the GDPR. It tells webmasters they have 7 days to comply or face being reported to authorities.
Jason Smith
by on 15th June 2018

Dutch GDPR “consultants” are contacting webmasters demanding they pay 195 EUR to bring their websites into compliance with the General Data Protection Regulation (GDPR) or face being reported to authorities, according to a report originally published on Dutch news website Data News.

The organization sending the emails, AVG-Keurmerk, claims target websites’ privacy and cookie policies contravene the EU’s new regulation. It also claims its works closely with Dutch Data Protection Authorities and can offer a “quality mark” certificate indicating compliance.

Dutch regulators have stated this isn’t the case. While organizations can become accredited through the Dutch Accreditation Council, and subsequently offer “AVG certificates” that demonstrate an organization carefully protects and processes personal data, no organizations in the Netherlands are currently accredited and capable of issuing such certificates.

Any organization that is accredited to issue AVG certificates will be listed on the Dutch Accreditation Council’s website. The Dutch Data Protection Authority also states that possessing an AVG certificate won’t necessarily mean an organization is in compliance with the GDPR.

According to the report in Data News, AVG-Keurmerk gives websites 7 days to comply with the new regulation or face being reported to authorities. While AVG-Keurmerk’s website now appears to be offline, it originally showcased profiles on its six employees, none of whom had any legal expertise.

The website reportedly conveyed a professional impression, however it didn’t contain any of its employees full names or a telephone number. Moreover, it didn’t provide any indication as to how it’s qualified to dispense advice on the GDPR.