GDPR human mistake breach, any thoughts?
Hi, I want to share something that happened and get your thoughts and advice.
Because of various mistakes (human and technical), we sent an email to the incorrect list, a list that in theory our business unit should not have access to (hence the technical mistake), but again: human mistake and not treachery; actually it was a mail with no personal information whatsoever. It was sent to a list of +50K, but as of now we only have an OR of >10%, and half a dozen have contacted the Reply-To mail in order to ask why they received that or to ask to be removed from the distribution list.
So now, knowing what happened, these are my doubts/fears:
- What consequences could this bring to our business unit and to the one that actually owns the distribution list?
- What action could be the most GDPR compliant as a follow-up: do nothing, let the business unit that owns the distribution list do the follow-up, or send a mail explaining that it was a 1-time human mistake and assuring the contacted people we are doing everything to correct the mistake that created this situation? Any other idea?