Discussion
GDPR doesn't mean that all direct marketing must stop and companies cannot communicate to you; there are lawful ways that a company can process your data, including emailing you, even if you haven't given consent.
What do you mean by a breach: your personal data has been breached (stolen, hacked, lost etc.), or the company has acted illegally in breach of GDPR rules?
Was it to your personal email or relating to your job at a company (B2C or B2B)?
From the information you have given it is very difficult to offer guidance.
Audicab said:
GDPR doesn't mean that all direct marketing must stop and companies cannot communicate to you; there are lawful ways that a company can process your data, including emailing you, even if you haven't given consent.
What do you mean by a breach: your personal data has been breached (stolen, hacked, lost etc.), or the company has acted illegally in breach of GDPR rules?
Was it to your personal email or relating to your job at a company (B2C or B2B)?
From the information you have given it is very difficult to offer guidance.
An employee's personal financial details were emailed in error to myself and other employees who were not entitled to see them.
What I need to establish is: do I delete the email (I assume so)? The employee is, I think, listed in the group email, so I believe is aware of the breach and has commented regarding it but seems unsure what to do.
Edited by frankenstein12 on Wednesday 20th June 18:34
Sorry I misread your post.
This is potentially a very serious issue.
The company has 72 hours to inform the ICO of the data breach and, depending on what information was included, the breach poses a risk to the individual, so they have a duty to inform the individual that there has been a breach without delay. For many data breaches the company may decide that it doesn't necessitate reporting to the ICO, but they must be able to defend that decision.
The ICO has included sending personal information to incorrect recipients as being a data breach.
Hopefully the company has got robust policies and knows exactly what to do in the case of a breach.
The ICO are a great source of information.
https://ico.org.uk/for-organisations/guide-to-the-...
Audicab said:
Sorry I misread your post.
This is potentially a very serious issue.
The company has 72 hours to inform the ICO of the data breach and, depending on what information was included, the breach poses a risk to the individual, so they have a duty to inform the individual that there has been a breach without delay. For many data breaches the company may decide that it doesn't necessitate reporting to the ICO, but they must be able to defend that decision.
The ICO has included sending personal information to incorrect recipients as being a data breach.
Hopefully the company has got robust policies and knows exactly what to do in the case of a breach.
The ICO are a great source of information.
https://ico.org.uk/for-organisations/guide-to-the-...
Yup, aware of all of that as had to undergo GDPR training myself in the last two months.
My main concern is just understanding my own position in how I deal with this as a "mere" recipient of information.
Do I delete the email? Am I required to make someone in the company aware personally, or is it enough to assume someone else has, such as the person whose data has been disclosed or the person who created the breach etc.? The person whose data was disclosed has emailed the mail group asking what the situation is and what they need to do.
To be honest the whole situation is utterly farcical and I wish I could discuss exactly what has gone on this afternoon. It's just been one error after another.
frankenstein12 said:
An employee's personal financial details were emailed in error to myself and other employees who were not entitled to see them.
What I need to establish is: do I delete the email (I assume so)? The employee is, I think, listed in the group email, so I believe is aware of the breach and has commented regarding it but seems unsure what to do.
They had better fess up to the ICO before someone grasses them in.
The ICO will be looking for scapegoats and will name and shame faster than a cheeky girl and a Lib Dem politician.
If the injured party wants to make waves - It is game on time!!!!
Personally (as someone who's been involved with GDPR solutions), I'd delete the email and inform the sender of their screw up. Then I'd do nothing more.
Sure, you *could* go to the ICO etc etc etc, but is it worth it unless you really want to screw someone over? Mistakes do happen and people should be more careful, but assuming they're a decent company I'd hope they'd realise the severity of their mistake! If they don't, then it's time to go heavy handed.