News
📢 Confidentiality: Sending an email with recipients in non-blind copy!
Source: PS-00395-2023
Case of Commercial Prospecting Involving a GDPR Violation
📌 Case Context:
• A complaint was filed against the firm RECATALA AGRAMUNT ABOGADOS Y ECONOMISTAS (Bufete-RA) for sending a marketing email with 95 recipients in visible copy (Cc) instead of blind copy (Bcc).
• Major issue: All recipients’ email addresses were visible to one another, compromising the confidentiality of personal data.
• The company justified the email by claiming that the recipients were already registered clients.
🚨 Identified Violations:
1️⃣ Violation of the data confidentiality principle (Article 5.1.f GDPR)
→ By exposing recipients’ email addresses, the company failed in its obligation to protect personal data.
2️⃣ Failure to implement appropriate security measures (Article 32 GDPR)
→ The lack of a procedure to prevent emails from being sent unprotected revealed negligence in data security practices.
⚖️ Imposed Sanctions:
• €2,000 fine for violating Article 5.1.f GDPR (data confidentiality)
• €500 fine for violating Article 32 GDPR (lack of security measures)
🔧 Compliance Measures Required:
🔹 Implementation of technical and organizational measures to prevent similar incidents
🔹 Employee training on secure email communication practices