RODO can be used by associations and organizations operating illegally or on the edge of the law to use blackmail against businesses. Such action may consist, for example, in the exercise of powers by substituted persons - registering in portals, using newsletters, or even concluding contracts. Then such entities, finding a violation in the processing of personal data, or suspicion of such a violation - can commit blackmail against the entrepreneur - demanding, for example, payment of an amount to the association which is a form of 'ransom' for not reporting the violation to the President of the Office for Personal Data Protection (PUODO). It is known that notification to PUODO is a risk of both potential control and administrative proceedings.
We noticed this problem probably as one of the first - back in 2017 - long before the RODO regulations came into force. This is because similar situations occurred in the case of online store terms and conditions - where blackmailers used and exploit the prohibited clauses present in the terms and conditions.
We deal with protection against blackmail on personal data. Our activities are both preventive (audits of personal data and implementation of necessary changes) and follow-up - when there has already been a request for: deletion of personal data, rectification, amendment of personal data, transfer of personal data, or the exercise of the right to be forgotten, or there has simply been a call from an association or other organization.