ODO24 Logo
ODO24 Logo
ODO24 Logo
GDPR questions and answers

GDPR: QUESTIONS AND ANSWERS

Category:
Incidents and Fines

Is information posted on a forum on a social media platform about exam results a breach of the GDPR?

ANSWER

The controller of students' personal data is the university. Teaching staff (lecturers) are employees or persons cooperating with the university who process students' personal data on behalf of the controller (the university). Information about a student's name and exam grade constitutes personal data within the meaning of Article 4(1) GDPR, so the controller should not disclose it to unauthorized persons.

As a rule, it is accepted that a personal data breach will include, for example, posting a collective list of exam results on examination room doors or publishing them on an extranet or intranet. In this case, posting such a collective list by a lecturer on a social media platform will also constitute a personal data breach.

If the information about exam results allowed identification of a natural person (name and surname + result), publishing it on a social media platform constitutes a personal data breach under Article 4(12) GDPR. If, however, the communication of information about exam results concerned each person individually, we are not dealing with unauthorized disclosure of personal data, i.e. a breach of the natural person's personal data.

Show all
PreviousNext

Read also:

12 March 2026

Kiedy nie zgłaszać naruszenia do UODO? Praktyczna analiza art. 33 RODO

06 March 2026

Za co Prezes UODO nakłada kary – podsumowanie wyników raportu

15 October 2025

Jakie kary za marketing telefoniczny bez zgody? Przykłady decyzji i kwoty

Szkolenia

Praktyczny kurs IOD (32h) online

Receive a free package of 4 tutorials and 4 e-learning trainings
The controller of your data is ODO 24 sp. z o. o.
GDPR and exam results: is posting on a forum a breach? | ODO 24 | ODO 24