GDPR questions and answers

Category:
Incidents and Fines

Does sharing information about an employee's pregnancy among other employees of the controller constitute a personal data breach?

ANSWER

Information about an employee's pregnancy is special category personal data under Article 9(1) GDPR. Disclosure of such information to unauthorized persons constitutes a personal data breach as defined in Article 4(12) GDPR (unauthorized disclosure of personal data, including special category data concerning health). Such disclosure by an employee should not occur.

The controller's employees should be appropriately instructed on the confidentiality rules for personal data processed on behalf of the controller. They should not disclose it to other colleagues. In this situation, the right to lodge a complaint against the controller with the supervisory authority (President of the Personal Data Protection Office) under Article 77(1) GDPR applies. The situation should be reported to the employer, who should impose consequences on that employee under the Labour Code.

Is an employee's pregnancy protected personal data? — GDPR | ODO 24