One point in the GDPR is that if a user visits your site and subsequently requests the removal of any of his or her data saved on your site, the webmaster is obligated to respond to his or her request.
Scammers then mass email from no-reply addresses of data deletion requests but then invite the webmaster to respond to them through a form located on one of their sites.
With this method, the webmaster is obliged to respond to the scammer and confirm that the data has been removed or request more information if he cannot find it, otherwise he ends up in the wrong and runs the risk that the matter may escalate to the privacy guarantor. Moreover, even if the scammer's email might look suspicious, the webmaster cannot be certain and must respond anyway.
Scammers then use forms to steal webmasters' data and more.
I don't know what one can do about this. What do you suggest to do?
Scammers then mass email from no-reply addresses of data deletion requests but then invite the webmaster to respond to them through a form located on one of their sites.
With this method, the webmaster is obliged to respond to the scammer and confirm that the data has been removed or request more information if he cannot find it, otherwise he ends up in the wrong and runs the risk that the matter may escalate to the privacy guarantor. Moreover, even if the scammer's email might look suspicious, the webmaster cannot be certain and must respond anyway.
Scammers then use forms to steal webmasters' data and more.
I don't know what one can do about this. What do you suggest to do?