GDPR questions and answers

Category: Incidents and Fines

Is sending employee payslips to an unauthorized person a personal data breach?

ANSWER

The situation described constitutes a personal data breach as defined in Article 4(12) GDPR, i.e. the disclosure of personal data to an unauthorized person. As a rule, the data controller is responsible for this situation, i.e. the employer or the processor (external company). First, it is necessary to determine who made the mistake regarding the email address — the employer or the external company.

A request for explanation should be submitted to both entities. Under Article 82(1) GDPR, the data subject has the right to claim compensation for a breach of the GDPR if, as a result of that breach, they suffered material or non-material damage. The right to claim compensation under Article 82(1) GDPR applies against either the controller or the processor.
