- Popular
- Most Talked-About

Report

Online Threat Alerts (OTA)

An anti-cybercrime community alerting the public to web or internet threats.

Online Threat Alerts (OTA)»

The "GDPR Notification from the UK Non Compliance Register" Scam

Save
Comments: 47
Views: 6,850
Updated: December 18, 2018 2018-12-18T23:04:03
Date: December 6, 2018 2018-12-06T09:15:47

The "GDPR Notification from the UK Non Compliance Register" email below appears to be a fake. The email was sent to us with a broken link that should go to a so-called "UK Non Compliance Register" website. But, the website doesn't exist. Also, the website that is associated with the email address the message was sent from, was registered 8 days ago in Panama.

The "GDPR Notification from the UK Non Compliance Register" Scam

To the DPO of www.onlinethreatalerts.com. You are on The GDPR Non Compliance Register

Thu 06/12/2018 09:27

From: "Attention of the DPO: Action Pending Against You" [noncompliance@chatsworthdatacorp.info]

Notification from the UK Non Compliance Register.

To the Data Protection Officer of www.onlinethreatalerts.com.

It has come to our attention that your company is not GDPR compliant.

As your company is not GDPR compliant your company has now been entered onto the Non Compliance Register.

Your company is under review and may be reported to the ICO for non GDPR compliance.

Please go to www.noncomplianceregister.co.uk and enter your company name into the search box.

You will see listed on the page the actions that may now be taken against your company for non GDPR compliance.

This page may also begin to show on the search engines when your company is searched for.

The Non Compliance Register is a FREE public service that is available to any member of the public.

The public can search the register to see if a company can be trusted to store their data securely before they give that company their personal data.

This email has been sent to inform you that you are on the non compliance register.

There is no need to reply to this email.

Disclaimer: This communication is not a business communication and can be legally sent. It is a notification to advise you of action taken against you. There is no personal data involved with this communication. The Non Compliance Register does not hold any personal data and displays only information that is already in the public domain and can be accessed and stored legally by any person who searches the ICO fee payers register for DPO’s and as such does not fall under the GDPR compliance law or the 1998 European Data Protection Act. It is a pubic service that is free of charge.

Now, why is a GDPR email that should come from a website registered in the European Union, coming from chatsworthdatacorp.info, which has no website, is registered in the Caribbean, and not in the EU? The answer, it must be a scam or some scare tactics.

And, I cannot find a "UK Non Compliance Register" anymore on the Internet, it appears it does not exist.

Note: Some of the names, addresses, email addresses, telephone numbers or other information in samples on this website may have been impersonated or spoofed.

Please share what you know or ask a question about this article by leaving a comment below. Also, check the comment section below for additional information, if there is any.

Remember to forward suspicious, malicious, or phishing email messages to us at the following email address: info@onlinethreatalerts.com

Also, report missing persons, scams, untrustworthy, or fraudulent websites to us. Tell us why you consider the websites untrustworthy or fraudulent.

If you want to quickly find answers to your questions, use our search engine.

You can help maintain Online Threat Alerts (OTA) by paying a service fee. Click here to make payment.

Comments, Questions, Answers, or Reviews

(Total: 47)

To help protect your privacy, please do not post or remove, your full name, telephone number, email address, username, password, account number, credit card information, home address or other sensitive information in or from your comments, questions, or reviews.

The comments or reviews below do not necessarily reflect the views of Online Threat Alerts.

June 17, 2019 at 5:53 AM by an anonymous user from London, England, United Kingdom
2nd email:
"UK Data Protection Officers Directory info@ukdpod.com via aweber.com
10:51 (13 minutes ago)
to me
UK Data Protection Officers Directory
For the owner of E****** Plc,
Thank you for your requesting the list/s of qualified Data Protection Officers in your area.
Here are the qualified Data Protection Officers available in your area.
For Data Protection Officer and GDPR compliance assistance please contact the Data Protection Officer/s below:
Name:
Graham Goodman FDPOA
Qualifications:
Fellow of the Data Protection Officers Association (DPOA) www.thedpoa.com with 16 Years in IT and Data Protection Management
Current Job Title:
Data Protection Officer Manager for Rockwell Data corp. www.rockwelldatacorp.com
Time with company:
15 Years
Telephone:
07704 293 767
Email:
graham.goodman@rockwelldatacorp.com
There is no need to reply to this email.
Disclaimer: Each Data Protection Officer has been screened by the UK Data Protection Officers Directory but any communication or liability is the responsibility of the communicator and not the UK Data Protection Officers Directory. This communication is not a business communication and can be legally sent. There is no personal data involved with this communication. The UK Data Protection Officers Directory does not hold any personal data and displays only information that is already in the public domain and can be accessed and stored legally by any person who searches the ICO fee payers register for DPO’s and as such does not fall under the GDPR compliance law or the 1998 European Data Protection Act. It is a public service that is free of charge.
The UK Data Protection Officers Directory
PO Box 397
London London SW1V 3NX
UNITED KINGDOM
------------------------------------------------------------------
Scan of Rockwelldatacorp:
https://www.hybrid-analysis.com/sample/14b9212b83ab876c71372d88d933ed521c800435e87b8e039aaae04e36c8c923/5d07667d028838bd5e3666aa
This scan is showing evidence of command and control protocols attempts.
Scan of thedpoa.com:
https://www.hybrid-analysis.com/sample/ee17abecf8d8485147d93c470a4a8a3929603d120eab2c9f8441df345697d2bf/5d076ac20388380f673666aa"
No command and control picked up on this one, but still a load of malicious indicators, and a lot more connections to other malicious pages.
remove
June 17, 2019 at 4:20 AM by an anonymous user from London, England, United Kingdom
The unsubscribe button doesn't look too good either...
remove
June 17, 2019 at 4:08 AM by an anonymous user from London, England, United Kingdom
Here's what you get if you reply:
"For the owner of Epaton plc. The Data Protection Officer Questionnaire.
Inbox
x
UK Data Protection Officers Directory info@ukdpod.com via aweber.com
10:05 (1 minute ago)
to me
UK Data Protection Officers Directory
For the owner of E***** plc,
Thank you for taking the time to check if you need to be registered as a Data Protection Officer with the Information Commissioners Offcie (ICO)
Please click on the link below to go to the questionnaire to find out if you need to become a Data Protection Officer as required by the GDPR compliance law of 25th May 2018
https://ico.org.uk/for-organisations/does-my-organisation-need-a-data-protection-officer-dpo/
If, after finishing the questionnaire you find that you need to appoint a Data Protection Officer (DPO) for your business or organization YOU MUST review the guild lines for Data Protection Officers.
To do this please click on the link below:
https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-law-enforcement-processing/accountability-and-governance/data-protection-officers/
This ICO link will explain what are the legal responsibilities for Data Protection Officers and what qualifications they will need BEFORE they are appointed as a Data Protection Officer for your company.
Important: Appointing yourself or someone in your organization who is not properly qualified or who understands the legal obligations of being a Data Protection Officer can lead to serious consequences for you and your business.
Being a Data Protection Officer is a serious responsibility and failure to comply with the standards set can lead to fines and prosecution.
We recommend that you consider appointing a professionally trained Data Protection Officer to perform the tasks required to keep your business and your clients data safe from data breaches.
If you would like a list of qualified Data Protection Officers who are available in your area please press here and we will send this list to you.
There is no need to reply to this email.
Disclaimer: This communication is not a business communication and can be legally sent. There is no personal data involved with this communication. The UK Data Protection Officers Directory does not hold any personal data and displays only information that is already in the public domain and can be accessed and stored legally by any person who searches the ICO fee payers register for DPO’s and as such does not fall under the GDPR compliance law or the 1998 European Data Protection Act. It is a public service that is free of charge.
The UK Data Protection Officers Directory
PO Box 397
London London SW1V 3NX
UNITED KINGDOM
Unsubscribe | Change Subscriber Options
It then sends a new email via the press here to guild-of-dpo@europe.com again with 'Please send to me a list of qualified Data Protection Officers' as the subject."
remove
June 17, 2019 at 2:48 AM by an anonymous user from London, England, United Kingdom
I've replied via a dummy email, they're automatic replies set up so lets see if they send anything malicious over.
From: <non-gdpr-reply@europe.com>
Date: Mon, 17 Jun 2019 at 08:45
Subject: Auto-Reply
Thank you for your request.
We will send your report shortly.
There is no need to reply to this email
remove
January 13, 2019 at 1:52 PM by an anonymous user from Edinburgh, Scotland, United Kingdom
I got a scam email from: nongdprcompliance@lancasterdatasender.info
Replied "suck my..." but it bounced back from ukguildofdpo@hotmail.com
remove
January 13, 2019 at 1:48 PM by an anonymous user from Edinburgh, Scotland, United Kingdom
scam from: nongdprcompliance@lancasterdatasender.info
remove
January 10, 2019 at 9:13 AM by info
The scammers are using this email address:
The GDPR Compliance Directory <nongdprcompliance@qualisdatacorps.info>
remove
January 8, 2019 at 9:18 AM by info
Here is another scam:
-----Original Message-----
From: UK GDPR Compliance Directory Notification <nongdprcompliance@lancasterdatasender.info>
Sent: 08 January 2019 02:21
Subject: To the Data Protection Officer of www.langaria.co.uk. You are on the UK GDPR Compliance Directory
Notification from the
UK GDPR Compliance Directory
To the Data Protection Officer of www.langaria.co.uk
It has come to our attention that your company is not GDPR compliant.
As your company is not GDPR compliant as required by the GDPR compliance law passed on 25th May 2018, your company is now being listed on the UK GDPR Compliance Directory with a Negative Listing for not being GDPR compliant.
The public can now search the GDPR Compliance Directory to see if your company can be trusted to store their data securely before they give you their personal data.
The UK GDPR Compliance Directory is a FREE public service that is available to any member of the public to see which companies are GDPR compliant.
Request a report
To see why you have been entered onto the register with a Negative Listing PRESS HERE <mailto:non-gdpr-reply@europe.com?subject=Please send to me the GDPR Non Compliance Report.> and we will send the report to you.
On the report you will see listed why you are NOT GDPR compliant and how to receive a Positive Listing.
It will also detail any potential dangers to you and your company for not being GDPR compliant.
This email has been sent to you as the Data Protection Officer to notify you that your company has a Negative Listing on the UK GDPR Compliance Directory.
There is no need to reply to this email.
Disclaimer: This communication is not a business communication and can be legally sent. It is a notification to advise you of action taken against you. There is no personal data involved with this communication. The UK GDPR Compliance Directory does not hold any personal data and displays only information that is already in the public domain and can be accessed and stored legally by any person who searches the ICO fee payers register for DPO’s and as such does not fall under the GDPR compliance law or the 1998 European Data Protection Act. It is a public service that is free of charge.
remove
- June 17, 2019 at 2:45 AM by an anonymous user from London, England, United Kingdom
  I got this one too, I've replied back via a dummy email to see what they send. I expect a dodgy PDF.
  remove
January 8, 2019 at 7:22 AM by an anonymous user from Newbury, England, United Kingdom
I have just spoken to someone on the live chat on ICO website as we had same email, they said if you forward your emails onto casework@ico.org.uk then they will investigate as they are the only commissioned office to deal with GDPR
remove
January 8, 2019 at 5:12 AM by an anonymous user from London, England, United Kingdom
nongdprcompliance@qualisdatacorps.info
Received the same email today from the above, stating we are on a non-compliance register, which is not true
Great to see this scam is being highlighted and shared
remove
January 8, 2019 at 4:03 AM by an anonymous user from London, England, United Kingdom
Same e-mail. No answered, forwarded to your address above. Thanks for confirmation of dodgy crap.
remove
January 8, 2019 at 3:50 AM by an anonymous user from London, England, United Kingdom
Received a similarly worded email this morning and it's from nongdprcompliance@qualisdatacorps.info
remove
January 8, 2019 at 2:59 AM by an anonymous user from Seville, Andalusia, Spain
I've just received that same mail today concerning my website, almost completely written in Spanish).
It was sent to a valid email address, but to a private one -my own email address, not to one of the email addresses listed on my website for a contact or anything else.
remove
January 4, 2019 at 7:37 AM by an anonymous user from London, England, United Kingdom
Anyone report follow-up from this scam? I'd be very interested to see what happens if someone replies...
remove
January 3, 2019 at 3:47 AM by an anonymous user from Leeds, England, United Kingdom
you have to love their last line ". It is a pubic service that is free of charge."
remove
December 22, 2018 at 7:29 AM by an anonymous user from Rochdale, England, United Kingdom
Got the same email. 2 email addresses,
nongdprcompliance@lancasterdatasender.info
and
nongpdr-reply@europe.com
Wasted my morning checking to see if it was fake!
remove
- December 24, 2018 at 10:31 AM by an anonymous user from London, England, United Kingdom
  nongdprcompliance@xartondataservice.info
  me too not sure why I received this or why someone would bother sending out scam emails.
  remove
December 19, 2018 at 7:46 AM by an anonymous user from London, England, United Kingdom
Same here...
email sent from zertondatacorpservices.info
email goes to nongdpr-reply@europe.com
remove
- December 20, 2018 at 2:28 AM by an anonymous user from Eastleigh, England, United Kingdom
  yesterday, the 19th, same came in via xartondataservice.info
  remove
December 19, 2018 at 5:32 AM by an anonymous user from London, England, United Kingdom
Received this email 16th dec 2018. Not nice
remove
December 18, 2018 at 8:08 AM by an anonymous user from Reading, England, United Kingdom
Being bombarded with this email :/
remove
December 18, 2018 at 5:29 AM by an anonymous user from Norwich, England, United Kingdom
We also got this from nongdprcompliance[at]zertondatacorpservices.info. The click here to register link points to an email address:
nongdpr@europe.com
remove
December 18, 2018 at 3:39 AM by an anonymous user from Walton on Thames, England, United Kingdom
I received a similar thing from gdprnoncompliance2018@hotmail.com
remove
December 17, 2018 at 10:04 AM by an anonymous user from London, England, United Kingdom
We received the same one from nongdprcompliance@lancasterdatasender.info
remove
December 17, 2018 at 2:56 AM by an anonymous user from Birmingham, England, United Kingdom
Received this:
"Notification from the UK Non Compliance Register.
To the owner of www.
It has come to our attention that your company is not GDPR compliant.
As your company is not GDPR compliant your company has now been entered onto the Non Compliance Register for the UK.
Your company is under review and may be reported to the ICO for non GDPR compliance as required by the GDPR compliance law passed on 25th May 2018
The Non Compliance Register is a FREE public service that is available to any member of the public.
The public can search the register to see if a company can be trusted to store their data securely before they give that company their personal data.
To see why you have been entered onto the Non Compliance Register PRESS HERE <mailto:non-gdpr-reply@europe.com?subject=Please send to me the GDPR Non Compliance Report> and we will send the report to you.
You will see listed on the report the actions that may now be taken against your company for non GDPR compliance.
This email has been sent to inform you that you are on the UK Non Compliance Register.
There is no need to reply to this email.
Disclaimer: This communication is not a business communication and can be legally sent. It is a notification to advise you of action taken against you. There is no personal data involved with this communication. The Non Compliance Register does not hold any personal data and displays only information that is already in the public domain and can be accessed and stored legally by any person who searches the ICO fee payers register for DPO’s and as such does not fall under the GDPR compliance law or the 1998 European Data Protection Act. It is a pubic service that is free of charge."
remove
- December 18, 2018 at 8:10 AM by an anonymous user from Reading, England, United Kingdom
  I've had the same email x 3 now but with different senders from California to Europeans countries :/
  remove
December 16, 2018 at 8:00 PM by info
Received the same fake email from: nongdprcompliance@zertondatacorpservices.info
remove
December 16, 2018 at 7:14 AM by info
Here is another scam:
"From: "To the DPO: Pending Action for Non GDPR Compliance" <nongdprcompliance@qualisdatacorps.info>
Date: 14 December 2018 at 05:30:13 GMT
Subject: Action Against the DPO of [] You are on The GDPR Non Compliance Register
Reply-To: "To the DPO: Pending Action for Non GDPR Compliance" <gdprnoncompliance2018@hotmail.com>"
remove
December 15, 2018 at 10:04 AM by an anonymous user from London, England, United Kingdom
They are also using this email address: nongdprcompliance@qualisdatacorps.info
remove
December 14, 2018 at 11:02 AM by info
They are using this email address: nongdprcompliance@vectordataservices.info
remove
December 14, 2018 at 8:49 AM by info
Received the same scam:
"From: "To the DPO: Pending Action for Non GDPR Compliance" <nongdprcompliance@lancasterdatasender.info>
Subject: Action Against the DPO of You are on The GDPR Non Compliance Register
Date: 14 December 2018 at 05:42:50 GMT
Reply-To: "To the DPO: Pending Action for Non GDPR Compliance" <gdprnoncompliance2018@hotmail.com>"
remove
December 14, 2018 at 8:06 AM by info
They are using this email address: registernoncompliance@hotmail.com
remove
December 12, 2018 at 3:37 PM by an anonymous user from London, England, United Kingdom
Also received an email from these people but with a different email/domain address
mailto: noncompliance@vectordataservices.info
and guess what the following info appeared on WHOIs:
"Domain Name: VECTORDATASERVICES.INFO
Registry Domain ID: D503300000334750424-LRMS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: www.namecheap.com
Updated Date: 2018-11-28T23:28:55Z
Creation Date: 2018-11-28T23:21:13Z
Registry Expiry Date: 2019-11-28T23:21:13Z
Registrar Registration Expiration Date:
Registrar: NameCheap, Inc
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: 1.6613102107
Registrant Organization:
Registrant State/Province: Panama
Registrant Country: PA"
Why would a UK Government agency register their domain name in Panama?
remove
December 12, 2018 at 8:03 AM by info
Receive:
"From: "Action Pending Against You: The UK Non GDPR Compliance Register" <noncompliance@zertondatacorpservices.info>
Subject: To the owner of www.thehormonaltherapist.co.uk You are on The GDPR Non Compliance Register
Date: 11 December 2018 11:34:49 GMT
Reply-To: "Action Pending Against You: The UK Non GDPR Compliance Register" <registernoncompliance@hotmail.com>"
remove
December 12, 2018 at 8:01 AM by info
Received:
"From: Action Pending Against You: The UK Non GDPR Compliance Register <nongdprcompliance@vectordataservices.info>
Sent: 12 December 2018 09:49
Subject: To the owner of [] You are on The GDPR Non Compliance Register"
remove
December 11, 2018 at 9:19 AM by info
Here is another scam:
"From: Action Pending Against You: The UK Non GDPR Compliance Register [mailto:noncompliance@xartondataservice.info]
Sent: 11 December 2018 01:55
Subject: To the owner of You are on The GDPR Non Compliance Register
Notification from the UK Non Compliance Register.
To the owner of
It has come to our attention that your company is not GDPR compliant.
As your company is not GDPR compliant your company has now been entered onto the Non Compliance Register for the UK.
Your company is under review and may be reported to the ICO for non GDPR compliance as required by the GDPR compliance law passed on 25 May 2018
The Non Compliance Register is a FREE public service that is available to any member of the public.
The public can search the register to see if a company can be trusted to store their data securely before they give that company their personal data.
To see why you have been entered onto the Non Compliance Register PRESS HERE and we will send the report to you.
You will see listed on the report the actions that may now be taken against your company for non GDPR compliance.
This email has been sent to inform you that you are on the non compliance register.
There is no need to reply to this email."
remove
December 10, 2018 at 10:19 AM by info
Here is another scam:
"From: Action Pending Against You for Non GDPR Compliance <noncompliance@xartondataservice.info>
Sent: 07 December 2018 16:37
Subject: To the owner of [] You are on The GDPR Non Compliance Register"
remove
December 8, 2018 at 8:18 AM by info
Got the same:
-------- Original message --------
From: Action Pending Against You for Non GDPR Compliance <noncompliance@zertondatacorpservices.info>
Date: 08/12/2018 01:45 (GMT 00:00)
Subject: To the owner of [] You are on The GDPR Non Compliance Register
remove
December 8, 2018 at 7:54 AM by an anonymous user from Edgware, England, United Kingdom
Yep - received exactly the same email from:
"Action Pending Against You for Non GDPR Compliance <noncompliance@lancasterdatasender.info>
To see why you have been entered onto the Non Compliance Register PRESS HERE and we will send the report to you. - The PRESS HERE link opened a new google Tab !!!"
I guess I will just ignore this.
remove
- December 8, 2018 at 9:27 AM by info
  Yes, just ignore them.
  remove
December 8, 2018 at 7:16 AM by an anonymous user from London, England, United Kingdom
Same scam email from: zertondatacorpservices.info
The majority of emails we get nowadays are related to scams.
This is having such an effect on our business that we are returning to paper-based procedures.
Projecting these problems forward a few years and we will hit a point where email and ebusiness is no longer viable for all companies.
I'm afraid it's long overdue for governments to step in and fully regulate the internet otherwise it will completely fail.
It's a real concern that the UK government are 'making tax digital' when trust in ebusiness systems is rapidly diminishing - take a look at the what the O2 debacle has done to hundreds of small businesses in the last day or two if you think this is OTT.
remove
December 8, 2018 at 6:33 AM by info
Received the same via email:
"From: Action Pending Against You for Non GDPR Compliance <noncompliance@zertondatacorpservices.info>
Reply-To: Action Pending Against You for Non GDPR Compliance <registernoncompliance@hotmail.com>"
remove
December 7, 2018 at 7:00 AM by an anonymous user from Edgware, England, United Kingdom
We've had these being delivered to various obvious contact email addresses like info@ourwebsitename or admin@.... etc.
Haven't followed any link but an obvious hoax because how can they possibly know if we are compliant or not? They don't have access to our in house compliance procedure and they don't even address the issue to the email address that we registered with the ICO.
The problem with this scam would seem that if you did follow a link that worked and entered your company name you are submitting your company to a register that may then be made public. You're effectively filling in the details for the scammers.
Additionally if anyone can access this public register then whenever a name is searched for it will automatically be added to the "non compliance register".
A dirty scam and we can all thank the big companies that made the GDPR law necessary and so costly for the small guys struggling to get a foot in the door.
It's hard enough to comply without having to deal with S**T like this!
remove
December 7, 2018 at 4:32 AM by info
I got another one from: noncompliance@qualisdatacorps.info
remove
December 7, 2018 at 4:31 AM by info
Here is another scam:
"From: Action Pending Against You for Non GDPR Compliance <noncompliance@vectordataservices.info>
Sent: 07 December 2018 03:46
Subject: To the owner of You are on The GDPR Non Compliance Register
Notification from the UK Non Compliance Register.
To the owner of.
It has come to our attention that your company is not GDPR compliant.
As your company is not GDPR compliant your company has now been entered onto the Non Compliance Register for the UK.
Your company is under review and may be reported to the ICO for non GDPR compliance as required by the GDPR compliance law passed on 25 May 2018
The Non Compliance Register is a FREE public service that is available to any member of the public.
The public can search the register to see if a company can be trusted to store their data securely before they give that company their personal data.
To see why you have been entered onto the Non Compliance Register PRESS HERE and we will send the report to you.
You will see listed on the report the actions that may now be taken against your company for non GDPR compliance.
This email has been sent to inform you that you are on the non compliance register.
There is no need to reply to this email.
non-gdpr-reply@europe.com"
remove
December 7, 2018 at 2:51 AM by an anonymous user from London, England, United Kingdom
Received the same email from noncompliance@vectordataservices.info except it also had a link, in the form of 'to see why you have been entered on to the register CLICK HERE'
remove

Show More Comments (47)

Show all Comments

Write Your Comment, Question, Answer, or Review

Write your comment, question, answer, or review in the box below to share what you know or to get answers. NB: We will use your IP address to display your approximate location to other users.

Your comment, question, answer, or review will be posted as an anonymous user because you are not signed in. Anonymous posts cannot be edited or deleted. Sign-in.

Online Threat Alerts (OTA)

The "GDPR Notification from the UK Non Compliance Register" Scam