In the last 48 hours I (just like you), have received emails from companies like Paypal and LinkedIn letting me know they updated their ToS to be GDPR compliant. Although these were legit, it is a great opportunity for cybercriminals to ride the wave and send fake letters that will lead a victim to a phishing site or malware infection point. All they have to do is grab a list of emails from a known breach, no matter how old, and send the corresponding spam letter asking the victim to log in and accept the new ToS. After all, the source of the breach itself is telling them exactly which company they'd need to impersonate. And the guard will be down because we've been recently receiving this type of email.
91% of cyber attacks start with a phishing email. Don't let your guard down!
Gabriel Glusman, Senior Cyber Intelligence Analyst, Sixgill