Medium risk
Small Business & Workplace Scams

Fake Data Protection Fee Scam

In this scam, official-looking letters, emails, or calls demand that a business pay a data protection or GDPR 'registration' fee, threatening fines, while impersonating the regulator to collect inflated or bogus payments.

Quick verdict

  • Risk level: Medium risk
  • Scam type: Fake compliance demand (business)
  • Main red flag: A demand to pay a data protection fee with threats of fines, from an unverified source.
  • What to do first: Check your obligations and fees directly with the official regulator.

Example message pattern

Example pattern — not a real report
'Your business is not registered for data protection. Pay the registration fee immediately to avoid a substantial fine.'

This is a fictional, anonymised example used to illustrate the pattern. It is not a verified real message, and any names are used only to show how the scam typically reads.

Red flags to watch for

  • A fee demand with threats of large fines
  • Official-looking branding that mimics the regulator
  • An inflated fee compared with the real charge
  • Pressure to pay urgently to avoid penalties
  • A payment address or account that looks unofficial

What to do

  • Verify your obligations and fees with the official regulator
  • Pay only through the regulator's official channel
  • Ignore threats designed to rush payment
  • Report impersonation to the regulator

If you already clicked or replied

  • Contact your bank if you paid an inflated or bogus fee
  • Check your real registration status with the regulator
  • Keep the demand as evidence and report it
  • Pay any genuine fee officially

What not to do

  • Do not pay fee demands without verifying officially
  • Do not act on fine threats under pressure
  • Do not trust official-looking branding alone

Frequently asked questions

Is this data protection fee genuine?
Many such demands are scams charging inflated or bogus fees. Check your actual obligations and the real fee directly with the official regulator.

It threatened a big fine. Should I pay?
Fine threats are used to rush you. Verify with the regulator first and pay any genuine fee only through the official channel.

I paid the demand. What now?
Contact your bank, check your real registration status with the regulator, keep the demand as evidence, and report it.

How do I know the real fee?
Look it up on the official regulator's website. Genuine fees are published, and you pay them only through official channels.

Last reviewed: June 2026

Disclaimer: This page provides educational information only to help you recognise common scam patterns. It is not legal, financial, cybersecurity, or law enforcement advice, and it does not confirm whether any specific message, company, or person is genuine or fraudulent. When in doubt, contact the official organisation directly and report concerns to your local authorities.