GDPR questions and answers

Category: Incidents and Fines

What actions should be taken when a mailing is sent to many recipients without using BCC?

ANSWER

The situation described constitutes a personal data breach as defined in Article 4(12) GDPR, i.e. the disclosure of personal data to unauthorised persons. Information on how to proceed in the event of a data breach can be found in the article: "Managing breaches – action plan", and I would also recommend using our breach severity calculator to determine whether the personal data breach described should be reported to PUODO. In the event of a personal data breach, the controller should act in accordance with the GDPR, and in particular Articles 33 and 34 GDPR, in order to minimise the consequences of the breach, which will affect any subsequent decisions of the supervisory authority.
