What is social engineering?
Online scams and phishing attacks are prime examples of social engineering — a technique used to manipulate people into sharing confidential or personal information.
If you’re wondering where you’d actually be collecting device data from, you could already be doing so through your online advertising campaigns and website analytics. Both rely on the use of online identifiers to track and target users based on their interests and online behaviours, and the information collected by each can be used to build “profiles” of individuals.
While it’s unlikely that your small business would ever go to such pains, playing safe means staying on the right side of the GDPR by disclosing the collection of any device data by your business. We recommend conducting a review of your website, app, or landing page for any tools that could be collecting device data in the background.
As most popular online marketing and analytics tools are also required to comply with the GDPR, they should have a Terms of Service which will clearly explain the specific types of device data being collected and the method of collection.