Did you e-mail a client’s data to the wrong person? Now what?

2023 01 29

Sometimes one misdirected e-mail can cost over €50K.

A Polish telecommunications company learned this the hard way when a recipient of misdirected e-mail complained about receiving it to the Polish data protection authority. The e-mail contained the personal data of one of the company’s subscribers. The company failed to inform the regulator and affected person about a breach within 24 hours, which violated the Polish Telecommunications Law, and led to a EUR 53K fine.
Even though this fine was not imposed for GDPR violations, in some situations, a single misdirected e-mail may also constitute a high-risk personal data breach (e. g., when misdirecting an e-mail containing another person’s special category data).

WALLESS experts share insights on how to manage such situations:

  • Don’t rush; before clicking “send”, build a habit of checking who the recipient is (you may also automatically delay outgoing e-mails with attachments for a few minutes).
  • Learn how to recall an e-mail so you don’t have to google this in urgent situations.
  • If you mistakenly send an e-mail to the incorrect customer, assess the situation; if there is a threat to the rights and freedoms of data subjects, inform them and the supervisory authority immediately, but no later than 72 hours after the incident.
  • Protect your e-mails to the clients with technical security measures (e. g., individualized passwords).
  • Have a documented process for managing personal data breaches.
  • Train your employees on how to identify and manage such incidents.
  • Periodically ensure the accuracy of your client’s personal data.

This will ensure that your customer’s contact details are always up to date.

#GDPR #privacy #databreach

WALLESS Weekly Review

Subscribe and receive the summary of the Lithuanian Supreme Court's rulings every week in your inbox. The information is prepared by the WALLESS Arbitration and Dispute Resolution Team.

Please note that review is in Lithuanian.