Personal Information Leakage by Abusing the GDPR 'Right of Access'

Explore a revealing conference talk that exposes vulnerabilities in the GDPR 'Right of Access' implementation. Delve into a study examining 55 organizations' identity verification processes for data access requests, uncovering alarming success rates in impersonating individuals using only forged or publicly available information. Learn about the varied policies and practices across different sectors, the types of sensitive data leaked, and the social engineering techniques exploited. Gain insights into practical policy improvements organizations can implement to enhance data protection and minimize unauthorized access risks. Understand the ethical implications and broader impact of these findings on personal data security in the context of GDPR compliance.