I am a small musician promoting a new song but forgot to put the recipients of a promotional email as BCC (I got the emails off of my presave list). One person has emailed me concerned about their email being visible. I don't know what to do
Asked
Active
Viewed 3,219 times
1 Answers
25
Don’t do it again
This is a data breach under the GDPR.
So, you should implement your data breach protocol which you established when you decided to become a data controller. You did do that, right? Well, if you didn’t, you should do it now.
You need to assess the risk to the individuals whose data was breached based on what it was and who got hold of it. If all that was breached is their email addresses and the fact that they like your music, the risk is pretty low. Probably so low you don’t need to report it to the authority or notify them of the breach, but you need to do this assessment, not me. You do need to keep a record of the breach.
Reading between the lines, it also appears that you need to brush up on your obligations as a data controller.
Dale M
- 237,717
- 18
- 273
- 546